Web Application Security Engineer (AppSec / DevSecOps) at Essnova Solutions, Inc.
Washington, District of Columbia, United States -
Full Time


Start Date

Immediate

Expiry Date

21 Sep, 26

Salary

0.0

Posted On

23 Jun, 26

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Application Security, DevSecOps, Secure SDLC, Vulnerability Assessment, Threat Modeling, OWASP Top 10, Web Application Firewall (WAF), CI/CD Pipeline Integration, NIST Framework, FedRAMP, FISMA, SAST, DAST, SCA, Secure Code Review, Cloud Security

Industry

Software Development

Description
Location: Washington, DC Metropolitan Area (Hybrid) Employment Type: Full-Time Clearance: Public Trust (Tier 2) or ability to obtain* About Essnova Solutions Essnova Solutions is a growing technology consulting firm delivering innovative IT, cloud, cybersecurity, engineering, and digital transformation solutions to Federal Government clients. We are committed to technical excellence, collaboration, and providing our employees with opportunities to solve complex mission challenges. Position Summary Essnova Solutions is seeking an experienced Web Application Security Engineer to support a federal customer by integrating security throughout the software development lifecycle (SDLC) and protecting enterprise web applications and APIs from evolving cyber threats. The ideal candidate has experience with application security, secure software development, vulnerability management, DevSecOps, and federal cybersecurity frameworks. Key Responsibilities Embed security throughout the Software Development Lifecycle (SDLC). Perform web application vulnerability assessments, penetration support, and threat modeling activities. Identify, prioritize, and remediate application security vulnerabilities. Implement secure coding standards aligned with OWASP Top 10 and industry best practices. Configure and maintain Web Application Firewalls (WAF) and application security controls. Integrate application security tools into CI/CD pipelines and DevSecOps workflows. Monitor application logs and investigate security events affecting web applications and APIs. Collaborate with software developers, DevOps engineers, and cybersecurity teams to improve application security posture. Support compliance with NIST, FISMA, FedRAMP, and other federal cybersecurity standards. Develop security documentation, technical recommendations, and remediation guidance. Required Qualifications Experience in Application Security (AppSec), Web Application Security, or Product Security. Strong knowledge of secure software development practices and Secure SDLC. Experience performing vulnerability assessments, threat modeling, and application security testing. Knowledge of OWASP Top 10, common web application vulnerabilities, and remediation techniques. Experience implementing or supporting Web Application Firewalls (WAF). Experience integrating security into CI/CD pipelines and DevSecOps environments. Familiarity with federal cybersecurity frameworks including NIST and FedRAMP. Excellent analytical, troubleshooting, and communication skills. Preferred Qualifications Experience with SAST, DAST, Software Composition Analysis (SCA), or similar application security tools. Experience with secure code reviews and developer security training. Experience supporting cloud-native applications within AWS and/or Microsoft Azure. Experience supporting federal government or highly regulated environments. Relevant security certifications such as: CSSLP OSCP OSWE GWEB CASE Security+ GSEC Clearance Public Trust (Tier 2) clearance or the ability to obtain and maintain one.* Why Join Essnova? At Essnova Solutions, you'll join a collaborative team supporting high-impact federal technology initiatives. We invest in our employees by providing opportunities to work with modern cloud technologies, cybersecurity best practices, and mission-critical systems that make a real difference.
Responsibilities
Integrate security throughout the software development lifecycle to protect enterprise web applications and APIs from cyber threats. This includes performing vulnerability assessments, configuring WAFs, and collaborating with DevOps teams to improve security posture.
Loading...