Web Developer, Security Engineer
Jobtailor
Washington, United States Full Time Technology Jobs United States New
Job Description
Responsibilities
- Identify, analyze, and remediate critical vulnerabilities, logic flaws, insecure dependencies, and misconfigurations in web applications and APIs.
- Drive the vulnerability lifecycle through threat modeling, security assessments, and technical validation of remediation actions.
- Support secure design patterns, data protection mechanisms, and secure communication protocols across applications and supporting services.
- Review and analyze web server and application logs to detect anomalies and indicators of compromise.
- Implement automation scripts for threat intelligence integration and application security monitoring.
- Participate in audits, risk assessments, and security authorization activities tied to federal frameworks.
Requirements
- Minimum of three years of experience in web application security, application security engineering, or secure software development lifecycle work.
- Hands‑on experience in secure software development, DevSecOps automation, and vulnerability remediation.
- Proven experience with .NET technologies, HTML5, CSS3, JavaScript, representational state transfer (REST) APIs, and structured query language (SQL).
- Ability to leverage AI‑assisted development tools and scripting languages to automate monitoring and compliance efforts.
- Strong understanding of the Open Worldwide Application Security Project (OWASP) Top 10, secure coding standards, web application firewalls (WAFs), file integrity monitoring, and security testing tools.
- Ability to perform risk assessments and provide remediation guidance for core systems and dependencies.
- Bachelor's degree or higher in computer science, cybersecurity, information systems, engineering, or a related field.
- Ability to meet federal screening and suitability requirements prior to start.
- Current security certifications maintained for a minimum of five years, spanning application security (such as CSSLP, GWEB, or CASE), offensive security (such as OSWE or OSCP), and foundational security (such as Security+ or GSEC); expired or never‑used certifications will not be considered.
Posted July 14, 2026