Sign up to access all features of our service.
  • Job search
  • Favorites
  • Create a CV
    New
  • Salaries
  • Subscriptions

Web Developer Security Engineer

CMT

ABOUT US:

CMT Services Inc. is a dynamic and small business supporting Federal, State, and Local government agencies. As an SBA-certified HUBZone, Woman Owned Small Business (WOSB), we deliver quality, professional services to support the missions and strategic business goals of our clients.

Position Title: Web Developer Security Engineer

Location:

US Congressional Budget Office

Ford House Office Building, 4th floor

2nd St SW, 441 D St SW

Washington, DC 20024

Period of Performance:

08/15/2026 - 08/14/2031

Place of Performance:

Remote work; however, at CBO's discretion employees may be required to work on-site at CBO facilities


Position Summary:


Protects CBO's mission-critical web applications, APIs, and sensitive data by embedding strong security throughout the software development lifecycle - making security a proactive, built-in part of design and delivery.

Key Responsibilities:
  • Identify, analyze, and neutralize critical vulnerabilities, logic flaws, insecure dependencies, and misconfigurations.
  • Drive the end-to-end vulnerability lifecycle - proactive threat modeling, advanced security assessments, and remediation validation.
  • Support integration of security controls into application architectures, APIs, and services; advise on secure design patterns, data protection, and secure communication protocols.
  • Obtain, review, and analyze web server and application logs to detect anomalies and indicators of compromise.
  • Implement automation scripts for threat-intelligence integration; support end-to-end response to web application security events.
  • Maintain documentation of findings, remediation steps, and security controls.
  • Ensure web applications and cloud infrastructure comply with NIST SP 800-53, FISMA, and FedRAMP (as applicable); participate in audits, risk assessments, and authorization.
Required Qualifications:
  • Extensive hands-on secure software development, DevSecOps automation, and vulnerability remediation.
  • Proficiency in log analysis, file integrity monitoring (FIM), and managing web application firewalls (WAF).
  • Minimum 3 years in Web Application Security, AppSec, or secure SDLC (SSDLC).
  • Development with modern web technologies and frameworks including .NET (C# MVC, WCF), HTML5, CSS3, JavaScript, REST APIs, and SQL.
  • Ability to leverage AI-assisted development tools (e.g., GitHub Copilot, OpenAI API/Codex) and scripting (Python, JavaScript/Node.js, Java, React.js, TypeScript) to automate security monitoring and compliance audits.
  • Strong understanding of OWASP Top 10, secure coding standards, and mitigation of common web vulnerabilities.
  • Deploying, tuning, and maintaining WAF solutions tailored to custom applications and traffic patterns.
  • Configuring/managing File Integrity Monitoring (FIM) for web content directories.
  • Familiarity with security testing tools - Wireshark, SIEM, IDS/IPS, NDR, or EDR.
  • Evaluating/recommending/implementing security controls for mobile device and mobile-web interfaces.
  • Performing complex risk assessments, analyzing cyber threats, and providing remediation guidance for core systems and dependencies.
  • Implementing DevSecOps principles - integrating security controls throughout the CI/CD pipeline.
  • Developing security metrics, managing compliance reporting, and auditing systems against baselines.
  • Effective cross-team collaboration and independent work; providing Tier II support for security operations.
Education:
  • Bachelor's degree (or higher) in Computer Science, Cybersecurity, Information Systems, Engineering, or a related field.
Certification:
  • Specialized AppSec: CSSLP (Certified Secure Software Lifecycle Professional); GWEB (GIAC Certified Web Application Defender); CASE (EC-Council Certified Application Security Engineer).
  • Offensive Security: OSWE (OffSec Web Expert); OSCP (Offensive Security Certified Professional).
  • Foundational Security: Security+; GSEC.

Join Our Team:

At CMT Services, we believe that extraordinary results come from empowering exceptional people. If you're ready to lead innovative projects, solve complex challenges, and contribute to meaningful infrastructure development while advancing your career in a supportive, collaborative environment, we want to hear from you.

Disclaimer:


By submitting your resume for this job posting, you authorize CMT Services, Inc. to forward your resume to all applicable internal and external managers, agencies, and recruitment personnel for review and consideration to hire.
Vacancy posted 4 days ago
Similar jobs that could be interesting for youBased on the Web Developer Security Engineer in Washington DC vacancy
  • We are seeking a Web Developer / Application Security (AppSec) Engineer with expertise in secure software development and application security. The ideal candidate will have experience implementing Secure SDLC (SSDLC), DevSecOps automation, vulnerability remediation, and... 
    Suggested
    Local area

    ASSYST

    Washington DC
    3 days ago
  •  ...support the federal government’s most critical national security and defense priorities, helping protect the nation, strengthen...  ...is where your next mission begins. Ardent is seeking a Web Developer Security Engineer to join our team. This position is based in Washington,... 
    Suggested
    Local area
    Remote work
    Flexible hours

    Ardent Management Consulting Inc

    Washington DC
    3 days ago
  • Ardent Management Consulting, Inc in Washington, DC is seeking a Web Developer Security Engineer to enhance the security of mission-critical web applications and cloud environments. This role entails integrating security throughout the software development lifecycle, remediating... 
    Suggested

    Ardent Management Consulting, Inc

    Washington DC
    3 days ago
  • $110k - $135k

     ...POSITION OVERVIEW Reporting to the Program Manager, the Web Developer Embeds security across the SDLC for mission-critical web apps, APIs, and...  ...analysis, FIM, WAF management ~3+ Web AppSec / AppSec Engineering / SSDLC ~ Modern web tech incl. .NET (C# MVC, WCF), HTML... 
    Suggested

    BaseCamp Consulting & Solutions

    Washington DC
    15 days ago
  • $115k - $190k

     ...Job Description Job Description Web Developer Security Engineer Clearance Requirement: Public Trust (Tier 2) Location: Remote/Hybrid (as approved by customer) Position Overview: Nationwide IT Services (NIS) is seeking a Web Developer Security Engineer to support... 
    Suggested
    Remote work

    Nationwide IT Services

    Washington DC
    25 days ago
  • Job Overview Front End Developer - Senior Hybrid (first 60 days on-...  ...maintenance of modern, user‑focused web applications that support...  ...with UX designers, backend engineers, and product teams to...  ...important role in delivering secure, scalable, and reliable front... 

    BOAB Ventures

    Washington DC
    3 days ago
  • A government services contractor is seeking a Full Stack Web Developer to support enterprise-wide data initiatives. The role entails software application development, testing strategy development, and team collaboration to create integrated solutions. Candidates should... 
    For contractors

    CGS Federal (Contact Government Services)

    Washington DC
    1 day ago
  • Accenture Federal Services is seeking a seasoned Full Stack Developer to design and deliver end‑to‑end applications—from database to API...  ...authentication. Expect AWS, Terraform, GitLab, and DevSecOps practices in a secure, multi‑partition environment. #J-18808-Ljbffr Accenture... 

    Accenture Federal Services

    Suitland, MD
    2 days ago
  • A government service provider based in Virginia is seeking a Full Stack Web Developer to enhance software applications within various teams. The ideal candidate will have 11 years of experience and a Bachelor's degree in a related field, showcasing expertise in JavaScript... 
    Flexible hours

    CGS Federal (Contact Government Services)

    Arlington, VA
    1 day ago
  • $120k - $155k

    Syntelligent Analytic Solutions, LLC is hiring a Full Stack Developer to support Federal Government initiatives. The role includes collaborating in a product team to develop backend and frontend solutions, ensuring high code quality, and automating processes. Required skills... 

    Syntelligent Analytic Solutions

    Washington DC
    2 days ago
  • $98.5k - $184.9k

    A leading technology consulting firm is looking for a skilled UI/UX Engineer/Designer to enhance user interfaces for web applications. The ideal candidate will conduct user research and develop intuitive designs that meet accessibility standards. Responsibilities include... 

    Accenture

    Arlington, VA
    2 days ago
  • Web Application Developer - Mid Hybrid (first 60 days on-site then transitions to hybrid) Clearance: Top Secret (will be processed for SCI and...  ...development standards, governance practices, and security guidelines. Communicate project status, risks, and technical... 

    BOAB Ventures

    Washington DC
    3 days ago
  • $62 - $73 per hour

    Full Stack Java Developer (Senior) Rate: $62-73/hr (Can potentially flex for more senior level candidates) Location: Hybrid / On-Site Clearance...  ...Agile environment. This role will be responsible for building secure backend services, modern user interfaces, database solutions,... 
    Flexible hours

    BOAB Ventures

    Washington DC
    3 days ago
  •  ...in Bethesda, MD, seeks a Sr. Full Stack Developer to design, build, and maintain systems...  ...a DevOps environment. You will work on security-focused software, cloud environments, and...  .... Candidates should have 8+ years in engineering with Java/Angular/Spring, experience with... 

    Leidos Inc

    Bethesda, MD
    2 days ago
  • $174k - $253k

    Senior Security Engineer, AI/ML, National Security, Public Sector Job Level Mid Location and Working Conditions Washington D.C., DC, USA;...  ...maintain the safest operating environment for Google's users and developers. Security Engineers work with network equipment and actively... 
    Temporary work
    Work at office
    Local area
    Remote work
    Worldwide

    Google

    Washington DC
    3 days ago
  • Washington DC We are seeking an experienced Endpoint Engineering & Security Engineer with 8+ years of IT, endpoint engineering, or cybersecurity experience . The ideal candidate will have hands‑on expertise in Windows and macOS workstation imaging, Microsoft Intune, Windows... 
    Local area

    ASSYST, Inc.

    Washington DC
    3 days ago
  • $40 per hour

    A cybersecurity firm is seeking experienced cybersecurity professionals to evaluate AI-generated security content, solve technical problems, and provide feedback to improve AI systems. This is a flexible remote position, allowing you to work on chosen projects within a... 
    Remote job
    Hourly pay
    Flexible hours

    DataAnnotation

    Washington DC
    1 day ago
  • M.C. Dean, Inc. is looking for a Security Systems Engineer 3 in Washington, DC. You will be integral in designing and maintaining electronic security systems for various clients. The role demands collaboration with multidisciplinary teams and requires an active SECRET Clearance... 

    M.C. Dean, Inc.

    Washington DC
    3 days ago
  •  ...Support. This position entails employing software development techniques to solve complex analytical challenges critical to national security. Successful candidates will have strong development skills in various programming languages and tools, facilitating the automation... 
    Full time

    BE / RenXTech

    Arlington, VA
    1 day ago
  • Okta is seeking a Staff Product Security Engineer in Washington to enhance security across AI-driven platforms. You will conduct offensive research and perform security assessments on innovative systems. The ideal candidate has at least 7 years of experience in information... 

    Okta

    Washington DC
    3 days ago
  • $166k - $253k

     ...vision, sensor fusion, and networking technology to the military in months, not years. About The Job We’re seeking a Security Software Engineer to develop novel security tooling for securing embedded Linux systems and Android devices. The ideal candidate can develop,... 
    Relocation package

    Anduril Industries

    Washington DC
    3 days ago
  • $130k - $175k

    A pioneering aerospace company in Washington, D.C. seeks a Security Software Engineer responsible for developing security features and building security infrastructure for national security efforts. The ideal candidate has a Bachelor's degree in a STEM field or equivalent... 

    SpaceX

    Washington DC
    3 days ago
  • $174k - $239k

    Secure Every Identity, from AI to Human Identity is the key to unlocking the potential...  ...talk. We are looking for a Staff Software Engineer that will join the Auth0 Security...  ...provide maximum protection with minimum developer friction. Identity & Access Management... 
    Permanent employment
    Local area
    Worldwide
    Flexible hours

    Okta

    Washington DC
    3 days ago
  • Role, Inc. is seeking a Security Engineer III to lead security audits of Amazon's systems, identify security risks, and develop robust security frameworks. This position requires extensive experience in vulnerability assessment, penetration testing, and communication of... 

    ROLE

    Washington DC
    3 days ago
  • BOAB Ventures is seeking a Software Engineer to develop and maintain full stack software applications...  ..., Go, or similar). Experience with web frameworks, relational and/or non‑relational...  ...best practices, design patterns, and secure coding principles. Experience with... 

    BOAB Ventures

    Washington DC
    3 days ago
  • The Software Engineering Institute of Carnegie Mellon University in Arlington is seeking a Senior AI Security Software Engineer. This role involves developing machine learning-based solutions to enhance AI security for critical infrastructure. Candidates must have significant... 
    Flexible hours

    Software Engineering Institute | Carnegie Mellon University

    Arlington, VA
    3 days ago
  • $180k - $220k

    STR is seeking a Lead Software Engineer / Back-End Developer located in Arlington, VA. The successful candidate will implement software solutions...  ...components. Candidates must hold an active Top Secret security clearance and have extensive experience in software engineering... 

    STR

    Arlington, VA
    3 days ago
  • Expression is looking for a Full Stack Developer to enhance our team in Washington, DC. This role requires proficiency in both front-end and back-end development, offering the chance to work on innovative applications. The ideal candidate should possess strong technical... 

    Expression

    Washington DC
    2 days ago
  • Accenture Federal Services is looking for a Security Engineering Lead in Arlington, VA. This role involves managing the engineering and sustenance of the security infrastructure for CBP SOC. You will lead a team responsible for the full lifecycle management of security... 

    Accenture Federal Services

    Arlington, VA
    3 days ago
  • Okta is seeking a Staff Product Security Engineer based in Washington, DC. The role involves conducting comprehensive security reviews, guiding engineering teams, and managing retention strategies for vulnerabilities. Candidates should have expertise in authentication protocols... 

    Okta, Inc.

    Washington DC
    3 days ago

Do you want to receive more vacancies?

Subscribe and receive similar vacancies to Web Developer Security Engineer. Be the first to apply!