Web Application Security Engineer (AppSec / DevSecOps)
Essnova Solutions, Inc.
Location: Washington, DC Metropolitan Area (Hybrid)
Employment Type: Full-Time
Clearance: Public Trust (Tier 2) or ability to obtain*
About Essnova Solutions
Essnova Solutions is a growing technology consulting firm delivering innovative IT, cloud, cybersecurity, engineering, and digital transformation solutions to Federal Government clients. We are committed to technical excellence, collaboration, and providing our employees with opportunities to solve complex mission challenges.
Position Summary
Essnova Solutions is seeking an experienced Web Application Security Engineer to support a federal customer by integrating security throughout the software development lifecycle (SDLC) and protecting enterprise web applications and APIs from evolving cyber threats. The ideal candidate has experience with application security, secure software development, vulnerability management, DevSecOps, and federal cybersecurity frameworks.
Key Responsibilities
- Embed security throughout the Software Development Lifecycle (SDLC).
- Perform web application vulnerability assessments, penetration support, and threat modeling activities.
- Identify, prioritize, and remediate application security vulnerabilities.
- Implement secure coding standards aligned with OWASP Top 10 and industry best practices.
- Configure and maintain Web Application Firewalls (WAF) and application security controls.
- Integrate application security tools into CI/CD pipelines and DevSecOps workflows.
- Monitor application logs and investigate security events affecting web applications and APIs.
- Collaborate with software developers, DevOps engineers, and cybersecurity teams to improve application security posture.
- Support compliance with NIST, FISMA, FedRAMP, and other federal cybersecurity standards.
- Develop security documentation, technical recommendations, and remediation guidance.
Required Qualifications
- Experience in Application Security (AppSec), Web Application Security, or Product Security.
- Strong knowledge of secure software development practices and Secure SDLC.
- Experience performing vulnerability assessments, threat modeling, and application security testing.
- Knowledge of OWASP Top 10, common web application vulnerabilities, and remediation techniques.
- Experience implementing or supporting Web Application Firewalls (WAF).
- Experience integrating security into CI/CD pipelines and DevSecOps environments.
- Familiarity with federal cybersecurity frameworks including NIST and FedRAMP.
- Excellent analytical, troubleshooting, and communication skills.
Preferred Qualifications
- Experience with SAST, DAST, Software Composition Analysis (SCA), or similar application security tools.
- Experience with secure code reviews and developer security training.
- Experience supporting cloud-native applications within AWS and/or Microsoft Azure.
- Experience supporting federal government or highly regulated environments.
- Relevant security certifications such as:
- CSSLP
- OSCP
- OSWE
- GWEB
- CASE
- Security+
- GSEC
Clearance
- Public Trust (Tier 2) clearance or the ability to obtain and maintain one.*
Why Join Essnova?
At Essnova Solutions, you'll join a collaborative team supporting high-impact federal technology initiatives. We invest in our employees by providing opportunities to work with modern cloud technologies, cybersecurity best practices, and mission-critical systems that make a real difference.
Vacancy posted 1 day ago
Similar jobs that could be interesting for youBased on the Web Application Security Engineer (AppSec / DevSecOps) in Washington DC vacancy
$110k - $135k
...cybersecurity, and cutting-edge application development. We pride... ...Program Manager, the Web Developer Embeds security across the SDLC for... ...secure software dev, DevSecOps automation, vulnerability... ...management ~3+ Web AppSec / AppSec Engineering / SSDLC ~ Modern web...Suggested- ...is looking for a Subject Matter Expert (SME)-level Lead Security Engineer to lead application security for a federal modernization program. This role... ...experience in security integration, particularly in a DevSecOps environment. Candidates should have over 15 years in IT...Suggested
- ...Collaborate with a team of engineers to implement *** specific security policies in the CI/... ...SAST, DAST and SCA applications. Work with... ...at a code level in web and mobile... ...Fortify, Checkmarx, AppSec SE, Veracode, WhiteSource... ...Experience with DevSecOps, Secure SDLC. DevOps...SuggestedContract workWork experience placement
US Tech Solutions
Arlington, VA1 day ago - A prominent consulting firm in Washington, DC is seeking a Security Architect to provide comprehensive support for IT security initiatives. The role requires assessing current systems, developing strategic plans for security improvements, and ensuring adherence to security...Suggested
$140k - $165k
...Senior Product Security Engineer Uplight is creating a new category... ...Perform Security Architecture, AppSec and Risk Assessments.... ...Advanced experience in securing applications and application settings... ...Experience with modern DevSecOps practices including implementing...SuggestedLocal areaFlexible hoursShift workupLIGHT
Washington DC3 days ago$120k - $155k
Bridge Defense, located in Washington, D.C., seeks a Cloud Engineer to support national security efforts by applying cloud technologies and DevSecOps methodologies. The ideal candidate will possess an active TS/SCI clearance, with expertise in cloud architecture using...$120k - $155k
Federated IT is seeking a skilled cloud engineer in Washington, DC to provide expertise in various cloud technologies. The role includes... ...projects, understanding customer needs, and implementing DevSecOps processes. The successful candidate will possess strong communication...$105k - $108k
...INFOSOL LLC seeks a highly motivated Junior DevOps Engineer to join our team in Washington, DC. This full-time role involves designing and deploying DevSecOps infrastructure tools, managing Linux servers, and integrating security practices throughout the development...Full time- A technology solutions provider in Washington, DC, is seeking a DevSecOps Engineer to support CI/CD pipeline implementation and security integration. The ideal candidate will have 5+ years of software development experience and hands-on knowledge of DevOps practices. Key...Remote job
- Softtek Government Solutions is seeking a Mid-Level DevSecOps Engineer in Washington, DC to support the Congressional Budget Office. This role... ...automation, CI/CD pipelines, container orchestration, and security practices. The ideal candidate must be a U.S. Citizen with...Work at office
- VetsEZ is seeking a remote DevSecOps Engineer to support secure software delivery on a federal healthcare project. The role involves building CI/CD pipelines, implementing automated solutions, and collaborating with teams to enhance deployment reliability. The ideal candidate...Remote job
- INflow Federal in Arlington is seeking a DevSecOps Engineer to lead the automation of CI/CD pipelines for a case management solution supporting... ...with Docker and Kubernetes, and a strong understanding of security compliance. Candidates should have a Bachelor’s degree in a...Remote job
- Edgewaterit is looking for a DevSecOps Engineer to enhance its hybrid cloud infrastructure through established DevSecOps practices. This role... ...work with containerization and Kubernetes, ensuring robust security integration and compliance throughout the delivery process....
- Edgewater Federal Solutions, Inc. is seeking a DevSecOps Engineer to enhance cloud infrastructure through automation, CI/CD, and security practices. The engineer will integrate security within CI/CD pipelines and maintain infrastructure using Terraform and Ansible. Candidates...
$149k - $248k
...DC is looking for a Sr. Software Developer with at least 8 years of experience in full-stack application development, particularly within federal IT systems focusing on security and compliance. The role involves designing scalable applications, ensuring adherence to...$210k - $230k
Upside is seeking an experienced Security Engineer to identify and mitigate application vulnerabilities. This role requires expertise in application security and a deep understanding of AWS architecture. Responsibilities include innovating security solutions and conducting...Work at office$120k - $155k
Syntelligent Analytic Solutions, LLC is hiring a Full Stack Developer to support Federal Government initiatives. The role includes collaborating in a product team to develop backend and frontend solutions, ensuring high code quality, and automating processes. Required skills...- ...Description We are seeking a highly skilled Security Engineer to join our team, specializing in... ..., Process Automation, Cloud, DevSecOps, Data and Analytics, and Cyber Security... ...Strategies is committed to complying with all applicable provisions of the Americans with...Local areaImmediate start
NetImpact Strategies
Bethesda, MD1 day ago $86.8k - $198k
...is hiring a mid-level Cyber Engineer. This is a full-time role in... ...to enable a vital national security system to operate in compliance... ...role employing DevOps or DevSecOps concepts, including provisioning... ...secure code, OWASP, or application penetration testing or remediation...Full timeContract workPart timeWork at officeLocal areaRemote workTryApplyNow
Arlington, VA3 days ago- ...be eligible to obtain a DoD security clearance The Role We... ...seeking a Senior Security Engineer to strengthen cloud and software... ...mission-critical cloud applications and maintaining compliance with... ...(Not Required) DevSecOps Expertise: Experience with...Work at office
Select Source Solutions
Washington DC3 days ago - ...Consulting Group, Inc. is seeking candidates to support enterprise web, client-server, or cloud-hosted applications. Ideal candidates will have over 3 years of relevant experience and be familiar with DevSecOps, including tools like Ansible, Terraform, Docker, and...Contract work
- ...Senior Security Engineer Evolver Federal is seeking a Senior Security Engineer to fulfill... ...Lead efforts to integrate security into DevSecOps pipelines and CI/CD workflows. Provide... ...PTO and parental leave) in accordance with our applicable plans and policies....Contract workFlexible hours
Evolver Federal
Washington DC2 days ago - ...Senior Network Security Engineer II As a Senior Network Security Engineer II you will lead... ...highly desirable. Familiarity with DevSecOps and security monitoring in CI/CD... ...applying for this job, you agree to Aledade's Applicant Privacy Policy available at...Remote workFlexible hours
Aledade, Inc.
Washington DC23 days ago $98.5k - $184.9k
A leading technology consulting firm is looking for a skilled UI/UX Engineer/Designer to enhance user interfaces for web applications. The ideal candidate will conduct user research and develop intuitive designs that meet accessibility standards. Responsibilities include...- ...Federal is seeking a Senior Security Architect to fulfil a requirement... .... Collaborate with SOC, engineering, and operations teams to... ...security controls into systems and applications. Lead architecture efforts... ...integrating security into DevSecOps pipelines and CI/CD environments...Flexible hours
EmergencyMD
Washington DC5 days ago $87.1k - $157.45k
...Description The Journeyman Full Stack Application Developer will provide software development... ...adhere to DoD cybersecurity and secure coding standards. Support lifecycle management... ...or DoD financial systems. Knowledge of DevSecOps tools, CI/CD pipelines, and automated testing...Leidos
Bethesda, MD4 hours ago- Offensive Security & Code Analysis Engineer Washington, DC Remote Full-Time About This Role As an Offensive... ...• Conduct penetration testing of web applications, networks, and cloud environments... ..., Azure, GCP) + Familiarity with DevSecOps and CI/CD security integration +...Full timeRemote work
$86.8k - $198k
...requisition id: R0241887Cyber Engineer**The Opportunity:**Are you... ...to enable a vital national security system to operate in compliance... ...role employing DevOps or DevSecOps concepts, including provisioning... ...secure code, OWASP, or application penetration testing or remediation...Full timeContract workPart timeWork at officeLocal areaRemote work- ...seeking a Full Stack Application Developer to support our... ...enhance, and maintain web applications and... ...components to deliver secure, reliable digital capabilities... ...tools, platforms, or engineering practices relevant to... ...delivery, testing, DevSecOps, or performance engineering...Contract work
Rividium Inc
Alexandria, VA5 days ago $140k - $160k
...Overview Edgewater is currently seeking an Application Security Engineer who will be a hands‑on subject matter... ...of the agency’s Application Security (AppSec) program by defining security... ...Lifecycle Professional (CSSLP). GIAC Web Application Penetration Tester (GWAPT)...Contract workLocal areaRemote workEdgewater IT LLC Defunct
Washington DC1 day ago
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Web Application Security Engineer (AppSec / DevSecOps). Be the first to apply!
Related searches
- web programmer Washington DC
- junior web developer part time Washington DC
- remote contract web developer Washington DC
- ecommerce web developer Washington DC
- remote junior web developer Washington DC
- remote web developer apprenticeship Washington DC
- web api developer Washington DC
- c# .net web developer Washington DC
- senior web developer Washington DC
- content developer Washington DC