Web Developer Security Engineer
The Web Developer Security Engineer plays a pivotal role in protecting mission-critical web applications, APIs and sensitive data. The objective is to embed robust security principles throughout the software development lifecycle (SDLC), building security in as a proactive, foundational pillar.
Responsibilities:
Identify, analyze, and neutralize critical vulnerabilities, logic flaws, insecure dependencies, and misconfigurations
Drive the end-to-end vulnerability lifecycle, integrating proactive threat modeling and advanced security assessments and ensuring remediation integrity through rigorous technical validation
Support integration of security controls into application architectures, APIs, and supporting services, advising on secure design patterns; data protection mechanisms; and secure communication protocols to ensure applications are secure by design and resilient to evolving threats.
Obtain, review, and analyze web server and application logs to detect anomalies and indicators of compromise
Implement automation scripts for threat intelligence integration to optimize alert accuracy and actively support the end-to-end response to web application security events.
Maintain documentation of findings, remediation steps, and security controls.
Ensure all web applications and cloud infrastructures comply with Federal cybersecurity frameworks, including NIST SP 800‑53, FISMA, and FedRAMP (as applicable)
Participate in audits, risk assessments, and security authorization processes
Required/Preferred Skills:
Bachelor’s degree (or higher) in Computer Science, Cybersecurity, Information Systems, Engineering, or a related field
Extensive hands-on experience in secure software development, DevSecOps automation, and vulnerability remediation.
Proficiency in log analysis, file integrity monitoring (FIM), and managing web application firewalls (WAF) to defend against emerging threats.
Minimum of 3 years of experience in Web Application Security, Application Security Engineering (AppSec) or secure software development life cycle (SSDLC)
Proven experience developing with modern web technologies and frameworks, including but not limited to .NET (C# MVC, WCF), HTML5, CSS3, JavaScript, REST APIs, and SQL
Ability to leverage AI-assisted development tools (e.g., GitHub Copilot, OpenAI API/Codex) and scripting languages (Python, JavaScript/Node.js, Java, React.js, TypeScript) to automate security monitoring and compliance audits.
Strong understanding of Open Worldwide Application Security Project (OWASP) Top 10, secure coding standards, and proactive mitigation of common web vulnerabilities.
Experience deploying, tuning, and maintaining Web Application Firewall (WAF) solutions tailored to custom-developed applications and traffic patterns.
Strong track record in configuring and managing File Integrity Monitoring (FIM) solutions for web content directories to detect and alert on unauthorized changes.
Familiarity with security testing tools such as Wireshark, SIEM, IDS/IPS, NDR, or EDR
Ability to evaluate, recommend, and implement security controls for mobile device solutions and mobile-web interfaces.
Ability to perform complex risk assessments, analyze cyber threats, and provide remediation guidance for core systems and their dependencies
Proven ability to implement DevSecOps principles, seamlessly integrating security controls throughout the CI/CD pipeline
Experience developing security metrics, managing compliance reporting, and auditing systems against established security baselines
Ability to collaborate effectively across multidisciplinary teams and to work both independently and as part of a team
Experience providing Tier II support for security operations and recommending continuous security enhancements for existing infrastructure.
In-depth experience with the Federal cybersecurity framework (NIST SP 800‑53, FISMA, FedRAMP) authorization process
Proven background in threat modeling, risk assessment, and designing resilient security architecture.
Advanced experience implementing secure DevOps/DevSecOps practices, with a specific focus on CI/CD pipelines and automated security gates
Knowledge of cloud security (AWS) and container security (Docker, Kubernetes)
Certified Secure Software Lifecycle Professional (CSSLP)
GIAC Certified Web Application Defender (GWEB)
EC-Council Certified Application Security Engineer (CASE)
OffSec Web Expert (OSWE)
Offensive Security Certified Professional (OSCP)
Security+
GSEC

V Group · New York, NY, USA
Job type: Full Time