Web Developer Security Engineer
What Your Day-To-Day Looks Like (Position Responsibilities):
- Identify, analyze, and remediate critical vulnerabilities, logic flaws, insecure dependencies, and misconfigurations in web applications and APIs.
- Drive the vulnerability lifecycle through threat modeling, security assessments, and technical validation of remediation actions.
- Support secure design patterns, data protection mechanisms, and secure communication protocols across applications and supporting services.
- Review and analyze web server and application logs to detect anomalies and indicators of compromise.
- Implement automation scripts for threat intelligence integration and application security monitoring.
- Participate in audits, risk assessments, and security authorization activities tied to federal frameworks.
What You Need to Succeed (Minimum Requirements):
- Minimum of three years of experience in web application security, application security engineering, or secure software development lifecycle work.
- Hands-on experience in secure software development, DevSecOps automation, and vulnerability remediation.
- Proven experience with .NET technologies, HTML5, CSS3, JavaScript, representational state transfer (REST) APIs, and structured query language (SQL).
- Ability to leverage AI-assisted development tools and scripting languages to automate monitoring and compliance efforts.
- Strong understanding of the Open Worldwide Application Security Project (OWASP) Top 10, secure coding standards, web application firewalls (WAFs), file integrity monitoring, and security testing tools.
- Ability to perform risk assessments and provide remediation guidance for core systems and dependencies.
- Bachelor's degree or higher in computer science, cybersecurity, information systems, engineering, or a related field.
- Ability to meet federal screening and suitability requirements prior to start.
- Current security certifications maintained for a minimum of five years, spanning application security (such as CSSLP, GWEB, or CASE), offensive security (such as OSWE or OSCP), and foundational security (such as Security+ or GSEC); expired or never-used certifications will not be considered.
Ideally, You Also Have (Preferred Qualifications):
- In-depth experience with federal cybersecurity frameworks and authorization processes.
- Experience with threat modeling, resilient security architecture, cloud security, and container security.