Web Developer Security Engineer
The Web Developer Security Engineer plays a pivotal role in protecting mission-critical web applications, APIs, and sensitive data. The objective is to embed robust security principles throughout the software development lifecycle (SDLC) so that security is built in as a proactive, foundational pillar.
Responsibilities:
Identify, analyze, and neutralize critical vulnerabilities, logic flaws, insecure dependencies, and misconfigurations
Drive the end-to-end vulnerability lifecycle, integrating proactive threat modeling and advanced security assessments, and ensuring remediation integrity through rigorous technical validation
Support integration of security controls into application architectures, APIs, and supporting services, advising on secure design patterns, data protection mechanisms, and secure communication protocols to ensure applications are secure by design and resilient to evolving threats.
Obtain, review, and analyze web server and application logs to detect anomalies and indicators of compromise
Implement automation scripts for threat intelligence integration to optimize alert accuracy and actively support the end-to-end response to web application security events.
Maintain documentation of findings, remediation steps, and security controls.
Ensure all web applications and cloud infrastructures comply with Federal cybersecurity frameworks, including NIST SP 800‑53, FISMA, and FedRAMP (as applicable)
Participate in audits, risk assessments, and security authorization processes
Required/Preferred Skills:
Bachelor’s degree (or higher) in Computer Science, Cybersecurity, Information Systems, Engineering, or a related field
Extensive hands-on experience in secure software development, DevSecOps automation, and vulnerability remediation. Required
Proficiency in log analysis, file integrity monitoring (FIM), and managing web application firewalls (WAF) to defend against emerging threats. Required
Minimum of 3 years of experience in Web Application Security, Application Security Engineering (AppSec), or secure software development life cycle (SSDLC). Required
Proven experience developing with modern web technologies and frameworks, including but not limited to .NET (C# MVC, WCF), HTML5, CSS3, JavaScript, REST APIs, and SQL. Required
Ability to leverage AI-assisted development tools (e.g., GitHub Copilot, OpenAI API/Codex) and scripting languages (Python, JavaScript/Node.js, Java, React.js, TypeScript) to automate security monitoring and compliance audits. Required
Strong understanding of Open Worldwide Application Security Project (OWASP) Top 10, secure coding standards, and proactive mitigation of common web vulnerabilities. Required
Experience deploying, tuning, and maintaining Web Application Firewall (WAF) solutions tailored to custom-developed applications and traffic patterns. Required
Strong track record in configuring and managing File Integrity Monitoring (FIM) solutions for web content directories to detect and alert on unauthorized changes. Required
Familiar with security testing tools such as Wireshark, SIEM, IDS/IPS, NDR, or EDR. Required
Evaluates, recommends, and implements security controls for mobile device solutions and mobile-web interface. Required
Ability to perform complex risk assessments, analyze cyber threats, and provide remediation guidance for core systems and their dependencies. Required
Proven ability to implement DevSecOps principles, seamlessly integrating security controls throughout the CI/CD pipeline. Required
Experience developing security metrics, managing compliance reporting, and auditing systems against established security baselines. Required
Collaborate effectively across multidisciplinary teams, and work independently as well as in a team. Required
Experience providing Tier II support for security operations and recommending continuous security enhancements for existing infrastructure. Required
In-depth experience with the authorization process for Federal cybersecurity frameworks (NIST SP 800‑53, FISMA, FedRAMP). Preferred
Proven background in threat modeling, risk assessment, and designing resilient security architecture. Preferred
Advanced experience implementing secure DevOps/DevSecOps practices, with a specific focus on CI/CD pipelines and automating security gates. Preferred
Knowledge of cloud security (AWS) and container security (Docker, Kubernetes). Preferred
Certifications:
Certified Secure Software Lifecycle Professional (CSSLP) Required
GIAC Certified Web Application Defender (GWEB) Required
EC-Council Certified Application Security Engineer (CASE) Required
OffSec Web Expert (OSWE) Required
Offensive Security Certified Professional (OSCP) Required
Security+ Required
GSEC Required

V Group · New York, NY, USA
- Job type: Full Time