Posted 15h ago

Web Application Security Engineer (AppSec / DevSecOps)

@ Essnova Solutions
Washington, District of Columbia, United States
Hybrid, Full Time
Responsibilities: embedding security, assessing vulnerabilities, remediating vulnerabilities
Requirements Summary: Experience in application security, secure SDLC, vulnerability assessment, WAF, CI/CD/DevSecOps integration, and familiarity with federal frameworks (NIST, FedRAMP); Public Trust clearance or ability to obtain.
Technical Tools Mentioned: SAST, DAST, Software Composition Analysis (SCA), Web Application Firewall (WAF), CI/CD, DevSecOps, AWS, Microsoft Azure, OWASP Top 10, NIST, FedRAMP
Job Description

Location: Washington, DC Metropolitan Area (Hybrid)

Employment Type: Full-Time

Clearance: Public Trust (Tier 2) or ability to obtain*

About Essnova Solutions

Essnova Solutions is a growing technology consulting firm delivering innovative IT, cloud, cybersecurity, engineering, and digital transformation solutions to Federal Government clients. We are committed to technical excellence, collaboration, and providing our employees with opportunities to solve complex mission challenges.

Position Summary

Essnova Solutions is seeking an experienced Web Application Security Engineer to support a federal customer by integrating security throughout the software development lifecycle (SDLC) and protecting enterprise web applications and APIs from evolving cyber threats. The ideal candidate has experience with application security, secure software development, vulnerability management, DevSecOps, and federal cybersecurity frameworks.

Key Responsibilities

  • Embed security throughout the Software Development Lifecycle (SDLC).
  • Perform web application vulnerability assessments, penetration support, and threat modeling activities.
  • Identify, prioritize, and remediate application security vulnerabilities.
  • Implement secure coding standards aligned with OWASP Top 10 and industry best practices.
  • Configure and maintain Web Application Firewalls (WAF) and application security controls.
  • Integrate application security tools into CI/CD pipelines and DevSecOps workflows.
  • Monitor application logs and investigate security events affecting web applications and APIs.
  • Collaborate with software developers, DevOps engineers, and cybersecurity teams to improve application security posture.
  • Support compliance with NIST, FISMA, FedRAMP, and other federal cybersecurity standards.
  • Develop security documentation, technical recommendations, and remediation guidance.

Required Qualifications

  • Experience in Application Security (AppSec), Web Application Security, or Product Security.
  • Strong knowledge of secure software development practices and Secure SDLC.
  • Experience performing vulnerability assessments, threat modeling, and application security testing.
  • Knowledge of OWASP Top 10, common web application vulnerabilities, and remediation techniques.
  • Experience implementing or supporting Web Application Firewalls (WAF).
  • Experience integrating security into CI/CD pipelines and DevSecOps environments.
  • Familiarity with federal cybersecurity frameworks including NIST and FedRAMP.
  • Excellent analytical, troubleshooting, and communication skills.

Preferred Qualifications

  • Experience with SAST, DAST, Software Composition Analysis (SCA), or similar application security tools.
  • Experience with secure code reviews and developer security training.
  • Experience supporting cloud-native applications within AWS and/or Microsoft Azure.
  • Experience supporting federal government or highly regulated environments.
  • Relevant security certifications such as:
    • CSSLP
    • OSCP
    • OSWE
    • GWEB
    • CASE
    • Security+
    • GSEC

Clearance

  • Public Trust (Tier 2) clearance or the ability to obtain and maintain one.*

Why Join Essnova?

At Essnova Solutions, you'll join a collaborative team supporting high-impact federal technology initiatives. We invest in our employees by providing opportunities to work with modern cloud technologies, cybersecurity best practices, and mission-critical systems that make a real difference.