Sign up to access all features of our service.
  • Job search
  • Favorites
  • Create a CV
    New
  • Salaries
  • Subscriptions

Web Application Security Engineer (AppSec / DevSecOps)

Essnova Solutions, Inc.

Job Description

Job Description

Location: Washington, DC Metropolitan Area (Hybrid)

Employment Type: Full-Time

Clearance: Public Trust (Tier 2) or ability to obtain*

About Essnova Solutions

Essnova Solutions is a growing technology consulting firm delivering innovative IT, cloud, cybersecurity, engineering, and digital transformation solutions to Federal Government clients. We are committed to technical excellence, collaboration, and providing our employees with opportunities to solve complex mission challenges.

Position Summary

Essnova Solutions is seeking an experienced Web Application Security Engineer to support a federal customer by integrating security throughout the software development lifecycle (SDLC) and protecting enterprise web applications and APIs from evolving cyber threats. The ideal candidate has experience with application security, secure software development, vulnerability management, DevSecOps, and federal cybersecurity frameworks.

Key Responsibilities
  • Embed security throughout the Software Development Lifecycle (SDLC).
  • Perform web application vulnerability assessments, penetration support, and threat modeling activities.
  • Identify, prioritize, and remediate application security vulnerabilities.
  • Implement secure coding standards aligned with OWASP Top 10 and industry best practices.
  • Configure and maintain Web Application Firewalls (WAF) and application security controls.
  • Integrate application security tools into CI/CD pipelines and DevSecOps workflows.
  • Monitor application logs and investigate security events affecting web applications and APIs.
  • Collaborate with software developers, DevOps engineers, and cybersecurity teams to improve application security posture.
  • Support compliance with NIST, FISMA, FedRAMP, and other federal cybersecurity standards.
  • Develop security documentation, technical recommendations, and remediation guidance.
Required Qualifications
  • Experience in Application Security (AppSec), Web Application Security, or Product Security.
  • Strong knowledge of secure software development practices and Secure SDLC.
  • Experience performing vulnerability assessments, threat modeling, and application security testing.
  • Knowledge of OWASP Top 10, common web application vulnerabilities, and remediation techniques.
  • Experience implementing or supporting Web Application Firewalls (WAF).
  • Experience integrating security into CI/CD pipelines and DevSecOps environments.
  • Familiarity with federal cybersecurity frameworks including NIST and FedRAMP.
  • Excellent analytical, troubleshooting, and communication skills.
Preferred Qualifications
  • Experience with SAST, DAST, Software Composition Analysis (SCA), or similar application security tools.
  • Experience with secure code reviews and developer security training.
  • Experience supporting cloud-native applications within AWS and/or Microsoft Azure.
  • Experience supporting federal government or highly regulated environments.
  • Relevant security certifications such as:
    • CSSLP
    • OSCP
    • OSWE
    • GWEB
    • CASE
    • Security+
    • GSEC
Clearance
  • Public Trust (Tier 2) clearance or the ability to obtain and maintain one.*
Why Join Essnova?

At Essnova Solutions, you'll join a collaborative team supporting high-impact federal technology initiatives. We invest in our employees by providing opportunities to work with modern cloud technologies, cybersecurity best practices, and mission-critical systems that make a real difference.

Vacancy posted 9 days ago
Similar jobs that could be interesting for youBased on the Web Application Security Engineer (AppSec / DevSecOps) in Washington DC vacancy
  •  ...seeking a highly skilled Web Developer Security Engineer to support the design, development...  ...maintenance of secure web applications and cybersecurity...  ...in Application Security (AppSec), Secure Software Development Lifecycle (SSDLC), DevSecOps automation, vulnerability... 
    Suggested
    Contract work
    Temporary work
    Worldwide
    Flexible hours

    Loch Harbour Group Inc

    Washington DC
    6 days ago
  • $110k - $135k

     ...cybersecurity, and cutting-edge application development. We pride...  ...Program Manager, the Web Developer Embeds security across the SDLC for...  ...secure software dev, DevSecOps automation, vulnerability...  ...management ~3+ Web AppSec / AppSec Engineering / SSDLC ~ Modern web... 
    Suggested

    BaseCamp Consulting & Solutions

    Washington DC
    28 days ago
  •  ...Evolver Federal is seeking a Senior Security Engineer to fulfill a requirement for a potential...  ...Lead efforts to integrate security into DevSecOps pipelines and CI/CD workflows. Provide...  ...federal systems and mission‑critical applications. Understanding of advanced threat... 
    Suggested
    Contract work
    Flexible hours

    EmergencyMD

    Washington DC
    2 days ago
  • $86.8k - $198k

     ...Job Number: R0241887 Cyber Engineer The Opportunity Are you looking...  ...to enable a vital national security system to operate in...  ...technical role employing DevOps or DevSecOps concepts, including provisioning...  ...secure code, OWASP, or application penetration testing or remediation... 
    Suggested
    Full time
    Contract work
    Part time
    Work at office
    Local area

    Phase2 Technology

    Arlington, VA
    2 days ago
  • $127.5k - $276.2k

     ...Position Security Engineer III – Permanent Full Time Location Washington, District of Columbia, United...  ...access control modernization. Implement DevSecOps security enhancements and secure integration pipelines. Support application hardening, vulnerability remediation, and... 
    Suggested
    Permanent employment
    Full time
    Work at office
    Local area

    CGI Njoyn

    Washington DC
    4 days ago
  • $131.3k - $237.35k

     ...next Senior Cloud Cybersecurity Engineer , to play a critical role in the...  ...systems Implement and manage security controls for containerized applications and the underlying cloud-based...  ...infrastructure Collaborate with DevSecOps, infrastructure, and software... 
    Interim role
    Local area
    Immediate start
    Flexible hours

    Leidos

    Hyattsville, MD
    6 days ago
  • $140k - $170k

     ...Security & Compliance Engineer Join to apply for the Security & Compliance Engineer role at Nominal...  ...secure, vetted third‑party software, applications, and libraries. Communicate the Standard...  .... ~ General knowledge of DevSecOps and infrastructure concepts, with the... 
    Permanent employment
    H1b
    Visa sponsorship
    Work visa

    Nominal

    Washington DC
    2 days ago
  •  ...seeking a Full Stack Application Developer to support our...  ...enhance, and maintain web applications and...  ...components to deliver secure, reliable digital capabilities...  ...tools, platforms, or engineering practices relevant to...  ...delivery, testing, DevSecOps, or performance engineering... 
    Contract work

    Rividium Inc

    Alexandria, VA
    2 days ago
  •  ...Federal is seeking a Senior Security Architect to fulfil a requirement...  .... Collaborate with SOC, engineering, and operations teams to...  ...security controls into systems and applications. Lead architecture efforts...  ...integrating security into DevSecOps pipelines and CI/CD environments... 
    Flexible hours

    EmergencyMD

    Washington DC
    2 days ago
  •  ...Senior Cybersecurity Engineer Role Summary The Senior Cybersecurity...  ...systems, and enterprise applications. Working across on-premises,...  ...technology environment remains secure, compliant, and resilient...  ...Zero Trust Architecture and DevSecOps practices. Preferred Certifications... 
    Full time
    Local area

    Page Mechanical Group Inc

    Washington DC
    3 days ago
  • $108k - $156k

     ...hiring, posted today. applications are still in the early...  ...thinkers and feelers, engineers and artists. We work hard...  ..., and user-friendly web applications that...  ...Engineers to deliver secure, scalable, and intuitive...  ...coding practices and DevSecOps principles.### Desired... 
    Full time
    Remote work

    TryApplyNow

    Washington DC
    1 day ago
  •  ...Job Description Job Description Web Developer Security Engineer Clearance Requirement: Public Trust...  ...Security Engineer to support application security initiatives across web applications...  ...design, vulnerability management, DevSecOps integration, security monitoring,... 
    Remote work

    Nationwide IT Services

    Washington DC
    8 days ago
  •  ...Network Security Engineer (Cisco, Palo Alto) About Us: We are a dynamic technology services company based in Washington, DC, specializing in cutting-edge network solutions. We are seeking a skilled Network Engineer to join our team to ensure the seamless operation... 
    Remote work

    Elios

    Washington DC
    1 day ago
  • $99k - $225k

     ...Senior Vulnerability Analyst to join our Security Operations Center (SOC). The role...  ...environments with SOC operations and cybersecurity engineers. Proficiency with enterprise...  ...or Tenable. Bachelor’s degree. Vetting Applicants will be subject to a government investigation... 
    Local area

    Booz Allen Hamilton

    Washington DC
    3 days ago
  •  ...We are seeking a Subject Matter Expert (SME)–level Lead Security Engineer to lead application security across a large-scale, cloud-native federal...  ...phase of the System Development Life Cycle (SDLC) using a DevSecOps methodology. The ideal candidate will architect and enforce... 
    Contract work
    Work at office
    Flexible hours

    Onyx Government Services,LLC

    Suitland, MD
    4 days ago
  •  ...for the Full Stack Software Engineer role at Bridge Defense...  ...provide full-spectrum national security solutions that combine secure...  ...deploy advanced software applications across the government and defense...  ..., Docker) ~ Experience in DevSecOps and CI/CD best practices ~... 
    Work at office
    Remote work
    Relocation
    Flexible hours

    Bridge Defense

    Washington DC
    3 days ago
  •  ...The Senior Federal Information Systems Security Engineer (ISSE) serves as a technical integrator responsible for ensuring that system-to-system connections across federal boundaries are properly documented, approved, and compliant with all required cybersecurity and interoperability... 
    Contract work
    Work experience placement
    Relocation

    Ll Oefentherapie

    Arlington, VA
    2 days ago
  • $117.2k - $146.6k

     ...stored energy solutions for industrial applications. We have over thirty manufacturing and...  ...location. Job Purpose The Application Security Engineer is responsible for strengthening the...  ...application security, secure development, or DevSecOps. Demonstrated experience building and... 
    Full time
    Temporary work
    Work experience placement
    Work at office
    Local area
    Remote work
    Worldwide

    EnerSys Delaware Inc.

    Washington DC
    17 hours ago
  • $100k - $125k

     ...updates as new positions become available. Security Clearance: TS/SCI w/ CI Poly...  ...Requirements: Mobile Software Reverse Engineering (with support to development and malware...  ...Conduct software exploitation against applications, middleware, operating systems (OS) user... 
    Full time
    Work experience placement

    Amatriot Group, LLC

    Bethesda, MD
    2 days ago
  • $112k - $179k

     ...Requirements: Mobile Software Reverse Engineering (supporting development and malware analysis...  ...Conduct software exploitation against applications, middleware, operating systems (OS)...  ...Peraton is a next-generation national security company supporting missions worldwide.... 
    Work experience placement
    Worldwide

    Peraton

    Bethesda, MD
    3 days ago
  •  ...IT Security Engineer Zetier seeks experienced IT Security Engineer to support, manage, and secure our rapidly expanding infrastructure. Candidates will demonstrate experience in maintainingmeida deploying, and troubleshooting segmented IT systems. Strong candidates will... 

    Zetier, Inc.

    Arlington, VA
    2 days ago
  •  ...today! Position Overview We are seeking an experienced Senior Security Engineer to work in Washington DC to join our team supporting an...  ...meeting all accounting and accessibility standards. Support for Applications and Databases: Provide security support across a range of... 
    For contractors
    Work at office
    Local area

    DirectViz Solutions

    Washington DC
    3 days ago
  •  ...Overview Role Summary: The Cyber Security Engineer is responsible for developing and implementing security measures to protect the company's systems and data. Responsibilities Develop and implement security measures. Conduct security assessments and audits... 

    Beyond SOF

    Washington DC
    1 day ago
  •  ...Who we are SEI helps advance software engineering principles and practices and serves as...  ...resource in software engineering, computer security, and process improvement. The SEI works...  ...or must be obtained upon request. Applicants must also meet additional customer-specific... 
    Work at office
    Relocation package

    Acord (association For Cooperative Operations Research And D...

    Arlington, VA
    3 days ago
  •  ...Join to apply for the Security Engineer role at HireCapital Join to apply for the Security Engineer role at HireCapital Direct message the job poster from HireCapital Technical Recruiter placing talent at innovative and mission-driven organizations... 
    Permanent employment
    Full time
    Work at office
    Remote work

    HireCapital

    Washington DC
    2 days ago
  • $75k - $95k

     ...Join to apply for the Junior Security Engineer role at Tyto Athene, LLC Join to apply for the Junior Security Engineer role at...  ...a SIEM for analysis Familiar with multi-tiered network applications, common ports, and protocols used in those communications... 
    16 hours
    Full time
    Work experience placement
    Remote work

    Tyto Athene, LLC

    Washington DC
    4 days ago
  • $166k - $220k

     ...the military in months, not years. ABOUT THE TEAM Anduril's Security Engineering team is looking for a security engineer to focus on...  ...candidate data privacy policy, please visit By submitting your application, you consent to Anduril Industries using a third-party service... 
    Full time
    Work experience placement
    Immediate start

    Anduril Industries

    Washington DC
    2 days ago
  •  ...Join to apply for the Security Engineer role at Jobright.ai 3 days ago Be among the first 25 applicants Join to apply for the Security Engineer role at Jobright.ai Jobright is an AI-powered career platform that helps job seekers discover the top opportunities... 
    Full time
    Remote work

    jobright.com

    Washington DC
    2 days ago
  • 3 days ago Be among the first 25 applicants Responsibilities & Qualifications...  ...Coordinate with the SOC on escalated security incidents. Required Qualifications...  ...We are seeking a Lead – Security Engineer to join our team supporting the Transportation... 
    Full time
    Contract work
    Temporary work
    Work at office
    Monday to Friday
    Weekend work
    Day shift
    Afternoon shift

    TekSynap

    Washington DC
    2 days ago
  •  ...Security Engineer Location: Washington, D.C (On-site M-F at JBAB) Duration: Full Time Clearance: Security Clearance: TS/SCI + required and...  ...security infrastructure such as IDSs and HBSS, ensuring system and application performance and health monitoring. Develop and maintain... 
    Full time

    Scout Solutions Inc Defunct

    Washington DC
    2 days ago

Do you want to receive more vacancies?

Subscribe and receive similar vacancies to Web Application Security Engineer (AppSec / DevSecOps). Be the first to apply!