Application Security Engineer

Overview

Edgewater is currently seeking an Application Security Engineer who will be a hands-on subject matter expert in Microsoft Azure cloud technologies, application security, security architectures, security tools, and methodologies. The Application Security Engineer will support our federal customer in Washington DC. This is a hands-on technical role that will provide the right candidate with an exciting opportunity to develop the federal customer's application security program, working with developers and the organization to meet the strategic security goals of the agency.


This is a remote position but requires the candidate to work at the federal site in Washington DC at least two days a month so candidates local to the Washington, DC area strongly preferred.

Due to the contract and nature of the work, US Citizenship is required to obtain a Department of Energy security clearance.

Responsibilities

• Drive the strategic maturation of the agency's Application Security (AppSec) program by defining security standards, scaling automation, and embedding secure development practices across all product lifecycles.
• Perform SAST assessments using Veracode and GitHub Advanced Security, identifying code-level vulnerabilities and providing remediation guidance.
• Conduct and analyze DAST scans, including configuration, execution, and triage of results.
• Evaluate and prioritize vulnerabilities using industry frameworks such as CVSS, CWE, OWASP Top 10, WASC, and SANS Top 25.
• Collaborate with development, DevOps, and security teams to integrate security controls into CI/CD pipelines and the broader SDLC.
• Provide expert advice on secure coding principles and assist developers in resolving security findings.
• Troubleshoot application and connectivity issues in Linux-based environments.
• Contributes to the design and implementation of enterprise-wide application security controls.
• Ensure alignment with federal security and compliance standards, including NIST 800-53, FIPS, and FedRAMP.
• Maintain awareness of emerging threats, vulnerabilities, and best practices in application security.

Qualifications

• Experience supporting SAST/DAST environments using Veracode.
• Experience with SCA tools and vulnerability remediation
• Experience leveraging CI/CD deployment methodologies and infrastructure as code (IaC)
• Experience writing playbooks and scripts for automation tools including Terraform, Ansible for IaC
• Demonstrate proficiency with a scripting or coding language, preferably Python.
• Proficiency in automation and scripting, such as PowerShell, Python, Bash, and Terraform.
• Ability to discuss Information Security concepts such as defense in depth and zero trust.
• Demonstrate ability to communicate ideas both verbally and in writing to management, business and IT stakeholders, and technical resources in language that is appropriate for each group.
• Ability to work collaboratively with developers across multiple departments
• Ability to work effectively in a fast-paced, project-oriented environment
• Ability to analyze and prioritize vulnerabilities based on risk
• Strong technical acumen, communication, and influence skills
• Working knowledge of system hardening (CIS, STIGs regulatory compliance)
• Experience working with and supporting Unix/Linux and Windows systems.
• Experience with SCA tools and vulnerability remediation in containers
• Container orchestration and container security experience
• 3+ years in application security supporting SAST, DAST, and SCA environments
• 3+ years of experience designing and implementing application security controls
• 3+ years of experience working in Linux-based environments, including troubleshooting application and connectivity issues.
• Knowledge of federal security and compliance standards (NIST 800-53, FIPS, FedRAMP).

Preferred Qualifications:

• Experience in securing Azure cloud infrastructure (i.e., inspection, logging, WAF, VM)
• Experience with Azure DevOps
• Practical implementation and architectural experience in encryption techniques, including data at rest and in transit
• Prior experience as a software developer is highly preferred

Requirements:

• Bachelor's degree in computer science or related fields
• Minimum of 8 years of experience in Information Security or related fields
• CISSP or equivalent (CompTIA Security+, CEH, or DoD equivalent)

Preferred Certifications:

• ISC2 Certified Information Systems Security Professional (CISSP)
• ISC2 Certified Secure Software Lifecycle Professional (CSSLP)
• GIAC Web Application Penetration Tester (GWAPT)
• Microsoft Azure Security Engineer (AZ-500)
• HashiCorp Terraform Associate (Infrastructure as Code)

Salary: $140,000 - $160,000

About Us:

Edgewater Federal Solutions is a privately held government contracting firm located in Frederick, MD. The company was founded in 2002 with the vision of being highly recognized and admired for supporting customer missions through employee empowerment, exceptional services and timely delivery. Edgewater Federal Solutions is ISO 9001, 20000-1, 270001 certified, appraised at CMMI Level 3 Maturity for Development and Services, and has been named in the Top Workplaces in the Greater Washington Area Small Companies for 2018 through 2025.

It has been and continues to be the policy of Edgewater Federal Solutions to provide equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, national origin, age, disability, marital status, veteran status, and/or other statuses protected by applicable law.status protected by applicable law.