Web Developer Security Engineer at Loch Harbour Group, Inc.
Washington, District of Columbia, United States -
Full Time


Start Date

Immediate

Expiry Date

23 Sep, 26

Salary

190000.0

Posted On

25 Jun, 26

Experience

2 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Application Security, Secure Software Development Lifecycle, DevSecOps, Vulnerability Remediation, OWASP Top 10, .NET, Python, JavaScript, SQL, Web Application Firewall, File Integrity Monitoring, AWS, Docker, Kubernetes, NIST SP 800-53, Threat Modeling

Industry

IT Services and IT Consulting

Description

We are seeking a highly skilled Web Developer Security Engineer to support the design, development, implementation, and maintenance of secure web applications and cybersecurity solutions. The ideal candidate will possess deep expertise in Application Security (AppSec), Secure Software Development Lifecycle (SSDLC), DevSecOps automation, vulnerability remediation, and Federal cybersecurity compliance frameworks. This role requires a proactive security mindset and the ability to integrate security throughout the software development lifecycle while supporting mission-critical systems.

Key Responsibilities:

Secure Software Development & Application Security
- Design, develop, and maintain secure web applications utilizing modern web technologies and frameworks including .NET (C# MVC, WCF), HTML5, CSS3, JavaScript, REST APIs, and SQL.
- Implement Secure Software Development Lifecycle (SSDLC) practices and secure coding standards.
- Conduct application security reviews, threat modeling, risk assessments, and vulnerability remediation activities.
- Ensure compliance with Open Worldwide Application Security Project (OWASP) Top 10 guidelines and industry security best practices.
- Leverage AI-assisted development tools such as GitHub Copilot, OpenAI APIs, and automation frameworks to improve security monitoring, code quality, and compliance auditing.

DevSecOps & Security Automation
- Implement and maintain DevSecOps processes within CI/CD pipelines.
- Automate security testing, vulnerability scanning, compliance validation, and security gate enforcement throughout the development lifecycle.
- Develop scripts and automation solutions using Python, JavaScript/Node.js, Java, React.js, and TypeScript.
- Collaborate with development, operations, and cybersecurity teams to ensure secure software deployment and operations.

Security Monitoring & Incident Response
- Perform log analysis, security monitoring, and forensic investigations.
- Configure and maintain File Integrity Monitoring (FIM) solutions to detect unauthorized changes to web content and critical system files.
- Deploy, tune, and manage Web Application Firewalls (WAFs) to protect custom-developed applications against evolving cyber threats.
- Support Tier II security operations and provide recommendations for continuous security improvements.

Cybersecurity Compliance & Risk Management
- Perform risk assessments and analyze cyber threats affecting enterprise applications and infrastructure.
- Develop security metrics, compliance reporting, and audit documentation.
- Support Federal cybersecurity compliance efforts including: NIST SP 800-53, FISMA, FedRAMP.
- Evaluate, recommend, and implement security controls for web, cloud, and mobile device solutions.

Cloud & Infrastructure Security
- Implement security controls for cloud environments, including AWS.
- Secure containerized environments using Docker and Kubernetes.
- Support security operations through the use of SIEM, IDS/IPS, Network Detection and Response (NDR), Endpoint Detection and Response (EDR), and related cybersecurity technologies.

Requirements

Required Qualifications:
- Minimum of three (3) years of experience in Web Application Security, Application Security Engineering (AppSec), or Secure Software Development Lifecycle (SSDLC).
- Extensive hands-on experience in: secure software development, DevSecOps automation, vulnerability assessment and remediation.
- Experience developing web applications using modern technologies and frameworks, including: .NET (C# MVC, WCF), HTML5, CSS3, JavaScript, REST APIs, SQL.
- Proficiency in: log analysis, File Integrity Monitoring (FIM), Web Application Firewall (WAF) administration and management.
- Strong understanding of: OWASP Top 10, secure coding standards, web application vulnerability mitigation techniques.
- Experience deploying, configuring, tuning, and maintaining Web Application Firewall (WAF) solutions for custom-developed web applications.
- Experience configuring and managing File Integrity Monitoring (FIM) solutions to detect and alert on unauthorized changes to web content and critical files.
- Ability to leverage AI-assisted development tools (e.g., GitHub Copilot, OpenAI API/Codex) and scripting languages such as: Python, JavaScript/Node.js, Java, React.js, TypeScript.
- Familiarity with security monitoring and testing tools, including: Wireshark, SIEM platforms, IDS/IPS, Network Detection and Response (NDR), Endpoint Detection and Response (EDR).
- Ability to: perform risk assessments, analyze cybersecurity threats, develop remediation recommendations for enterprise systems and applications.
- Proven experience implementing DevSecOps principles and integrating security controls throughout CI/CD pipelines.
- Experience developing security metrics, managing compliance reporting, and auditing systems against established security baselines.
- Experience evaluating, recommending, and implementing security controls for mobile devices and mobile web applications.
- Experience providing Tier II security operations support and recommending continuous security improvements for existing infrastructure.
- Demonstrated ability to work independently and collaboratively within cross-functional teams.

Desired Qualifications:
- Experience supporting enterprise security operations in complex Federal or regulated environments.
- Experience automating security monitoring, compliance validation, and audit activities.
- Strong analytical, troubleshooting, and problem-solving skills with the ability to address emerging cybersecurity threats.

Education
- Bachelor's degree or higher in Computer Science, Cybersecurity, Information Systems, Engineering, or a related technical field.

Security Requirement
- U.S. Citizenship required.
- Must be eligible to obtain and maintain a Tier 2 Public Trust clearance.

Candidates must possess current certifications from one or more of the following categories:

Specialized Application Security Certifications
- Certified Secure Software Lifecycle Professional (CSSLP)
- GIAC Certified Web Application Defender (GWEB)
- EC-Council Certified Application Security Engineer (CASE)

Offensive Security Certifications
- OffSec Web Expert (OSWE)
- Offensive Security Certified Professional (OSCP)

Foundational Security Certifications
- CompTIA Security+
- GIAC Security Essentials (GSEC)

Certification Requirements
- Certifications (or equivalent predecessor certifications) must have been maintained and professionally utilized for a minimum of five (5) years.
- Expired certifications will not be considered.
- Certifications that have not been applied in a professional work environment will not be considered.

Preferred Qualifications
- In-depth experience supporting Federal cybersecurity compliance and authorization frameworks, including: NIST SP 800-53, FISMA, FedRAMP.
- Proven experience in: threat modeling, cybersecurity risk assessments, security architecture design, development of resilient and secure enterprise systems.
- Advanced experience implementing DevSecOps practices, including: integrating security controls throughout the software development lifecycle, securing CI/CD pipelines, automating security testing and security gate enforcement.
- Knowledge of cloud security principles and best practices, particularly within AWS environments.
- Experience securing and managing containerized environments using: Docker, Kubernetes.

About Loch Harbour Group

Loch Harbour Group is a Service-Disabled Veteran-Owned Small Business founded in 1995. We hold CMMI Service Maturity Level 3, ISO 9001:2015, ISO/IEC 27001:2022, and ISO/IEC 20000-1:2018 certifications, and serve federal customers across DoD, homeland security, and civilian agencies.

LHG is an equal opportunity employer and considers all qualified applicants without regard to race, color, religion, sex, national origin, age, disability, veteran status, or any other protected status.

Company Highlights:

At LHG, we offer our employees a full comprehensive and competitive benefits package. Our benefits package features:
- Competitive salaries
- Paid time off
- Health, dental and vision insurance
- Company paid short/long term disability
- Company paid Life and Accidental Death & Dismemberment insurance
- 401(k) (up to 5% matching)
- Flexible Spending Accounts (FSA)
- Other company perks

The Loch Harbour Group is an equal opportunity employer; all interested qualified applicants are encouraged to apply, D/M/V/F. LHG welcomes and encourages diversity in the workforce.
Responsibilities
Design and maintain secure web applications while integrating security throughout the software development lifecycle. Implement DevSecOps automation, perform vulnerability assessments, and ensure compliance with Federal cybersecurity frameworks.