Web Developer Security Engineer

Washington, DC, US • Posted 4 hours ago • Updated 4 hours ago
Full Time
On-site
Fitment

Dice Job Match Score™

⏳ Almost there, hang tight...

Job Details

Skills

  • Cloud Computing
  • Encryption
  • Authentication
  • API
  • Security Controls
  • Security QA
  • Threat Analysis
  • Incident Management
  • Security Engineering
  • Security Operations
  • Reporting
  • Auditing
  • Collaboration
  • Computer Science
  • Information Systems
  • Web Application Security
  • Software Development
  • Testing
  • Web Development
  • .NET
  • C#
  • mvc
  • WCF
  • HTML5
  • Cascading Style Sheets
  • Css3
  • SQL
  • Scripting
  • Python
  • JavaScript
  • Node.js
  • TypeScript
  • Java
  • React.js
  • Management
  • Firewall
  • WAF
  • FIM
  • SIEM
  • IDS
  • IPS
  • Wireshark
  • Vulnerability Assessment
  • OWASP
  • Risk Assessment
  • Vulnerability Management
  • Analytical Skill
  • Communication
  • Documentation
  • Cyber Security
  • Authorization
  • Regulatory Compliance
  • NIST SP 800 Series
  • FISMA
  • FedRAMP
  • Risk Management
  • DevSecOps
  • Continuous Integration
  • Continuous Delivery
  • Amazon Web Services
  • Cloud Security
  • Docker
  • Kubernetes
  • Threat Modeling
  • Software Development Methodology
  • Web Applications
  • Software Security
  • OSCP
  • Security+
  • GSEC
  • Information Technology
  • Professional Services
  • Productivity
  • ISO 9000
  • Quality Management
  • ISO/IEC 20000
  • IT Service Management
  • ISO/IEC 27001:2005
  • Information Security Management
  • ITIL Management
  • Business Process
  • Training And Development
  • Insurance

Summary

Overview

The Web Developer Security Engineer is responsible for securing mission-critical web applications, APIs, and supporting cloud services by integrating security throughout the Software Development Lifecycle (SDLC). This position provides application security engineering, vulnerability management, security monitoring, DevSecOps integration, compliance support, and incident response capabilities to ensure applications are resilient against evolving cyber threats. The Web Developer Security Engineer serves as a technical advisor to development teams, helping design, implement, and validate secure web application architectures while supporting federal cybersecurity compliance requirements.

Responsibilities

Application Security Engineering
  • Identify, assess, and remediate web application vulnerabilities, insecure dependencies, configuration weaknesses, and application logic flaws.
  • Support the implementation of secure coding practices, application security controls, encryption standards, authentication mechanisms, and secure API integrations.
  • Evaluate and recommend security controls for web applications, APIs, mobile-enabled applications, and supporting services.
  • Ensure applications align with OWASP Top 10 guidance, secure coding standards, and industry best practices.

DevSecOps, Monitoring & Incident Response
  • Integrate security controls into CI/CD pipelines and support automated security testing throughout the software development lifecycle.
  • Develop and maintain automation scripts to support security monitoring, threat intelligence integration, compliance validation, and vulnerability management activities.
  • Configure and maintain Web Application Firewalls (WAFs), File Integrity Monitoring (FIM) solutions, and other security monitoring capabilities.
  • Support incident response activities by investigating security alerts, validating findings, documenting remediation efforts, and recommending security improvements.
  • Provide Tier II security engineering support for complex application security issues and escalations.

Compliance, Governance & Security Operations
  • Support compliance with federal cybersecurity frameworks, including NIST SP 800-53, FISMA, and FedRAMP requirements.
  • Participate in audits, security assessments, authorization activities, and risk management processes.
  • Develop security metrics, compliance reporting, and documentation supporting audit readiness and governance requirements.
  • Conduct risk assessments and provide remediation guidance for web applications and supporting infrastructure.
  • Collaborate with developers, infrastructure teams, cybersecurity personnel, and stakeholders to improve application security posture and operational resilience.

Qualifications

  • Bachelor's degree in Computer Science, Cybersecurity, Information Systems, Engineering, or a related field.
  • Minimum three (3) years of experience in Web Application Security, Application Security Engineering (AppSec), or Secure Software Development Lifecycle (SSDLC) activities.
  • Experience with secure software development, DevSecOps automation, vulnerability remediation, and application security testing.
  • Proficiency with modern web development technologies including .NET (C# MVC, WCF), HTML5, CSS3, JavaScript, REST APIs, and SQL.
  • Experience with scripting and automation using Python, JavaScript/Node.js, TypeScript, Java, React.js, or similar technologies.
  • Experience configuring and managing Web Application Firewalls (WAF), File Integrity Monitoring (FIM), and security monitoring solutions.
  • Familiarity with security tools such as SIEM, IDS/IPS, EDR, NDR, Wireshark, and vulnerability assessment platforms.
  • Strong understanding of OWASP Top 10, secure coding standards, threat modeling, risk assessment, and vulnerability management.
  • Strong analytical, troubleshooting, communication, and documentation skills.

Preferred Qualifications
  • Experience supporting federal cybersecurity authorization and compliance processes.
  • Experience with NIST SP 800-53, FISMA, FedRAMP, and risk management frameworks.
  • Experience implementing advanced DevSecOps practices and CI/CD security automation.
  • Knowledge of AWS cloud security, container security, Docker, and Kubernetes.
  • Experience designing resilient security architectures and conducting threat modeling exercises.

Preferred Certifications

Candidate must have all of the following:
  • CSSLP (Certified Secure Software Lifecycle Professional)
  • GWEB (GIAC Web Application Defender)
  • CASE (Certified Application Security Engineer)
  • OSWE (Offensive Security Web Expert)
  • OSCP (Offensive Security Certified Professional)
  • Security+
  • GSEC

Security Requirements
  • Ability to meet all government personnel security and access requirements associated with the program.

General Information

MicroTech is an award-winning Service-Disabled Veteran-Owned Small Business (SDVOSB) and experienced provider of information technology and communications. MicroTech offers a wide range of professional services focused on providing cutting-edge solutions with the customer at the forefront of every decision we make. Solving complex business challenges is our passion - we provide effective, practical solutions that can increase productivity, and decrease costs.

MicroTech has developed a well-earned reputation for best-in-class services and solutions using repeatedly proven ISO 9001 Quality Management System, ISO 20000 IT service management, ISO 27001 Information Security Management System, and ITIL management qualified business processes.

We offer great pay, amazing benefits, and our company culture is strong. MicroTech is devoted to people development and providing high achievers opportunities to grow professionally. As an employee, you are surrounded by intelligent, driven colleagues and have the benefit of a culture that is focused on bringing out the best in everyone. Our benefits include:

Insurance (medical, dental vision)
Paid Time Off (PTO): 15 days during the first year; 20 days annually after one year of service
401k Plan with Employer Matching Contribution
11 Company-Paid Holidays
Tuition Assistance
Voluntary Benefit Programs
Corporate Discounts

MicroTech is an Equal Opportunity/ Affirmative Action employer. All qualified applicants will receive consideration for employment without regards to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other protected classes.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
  • Dice Id: 10184095
  • Position Id: 5c8aeac01213635874fd15832df66370
  • Posted 4 hours ago
Create job alert
Set job alertNever miss an opportunity! Create an alert based on the job you applied for.

Similar Jobs

Washington, District of Columbia

Today

Full-time

Reston, Virginia

13d ago

Full-time

USD 81,499.00 - 138,549.00 per year

Remote or Washington, District of Columbia

Today

Full-time

USD 140,000.00 - 160,000.00 per year

Suitland-Silver Hill, Maryland

Today

Full-time

USD 120,000.00 - 190,000.00 per year

Search all similar jobs