Application Security & Web/App Scanning Engineering SME

Our client is seeking a Application Security & Web/App Scanning Engineering SME. This role supports a Homeland Security client by providing deep expertise in web and application security scanning, penetration testing, and stakeholder communication. The SME will help identify, articulate, and remediate security risks, bridging technical depth with effective communication to a range of stakeholders.

Responsibilities

• Lead and perform dynamic application security testing (DAST), static application security testing (SAST), and manual penetration testing.

• Configure, optimize, and operate scanning tools such as Burp Suite, Fortify SSC, WebInspect, and OWASP ZAP.

• Translate complex security findings into clear, actionable insights for internal teams and federal partners.

• Develop and deliver briefings, executive summaries, and presentations for leadership audiences.

• Collaborate with engineering, operations, system owners, and compliance teams to remediate findings.

• Contribute to secure software development lifecycle (SDLC) practices and application security policy development.

Qualifications

• Bachelor’s degree required.

• 8+ years of hands-on experience in web and application security, including scanning and penetration testing.

• Strong knowledge of OWASP Top 10, CVSS, and secure coding principles.

• Proficient with security scanning tools such as Fortify SSC, WebInspect, and similar platforms.

• Exceptional written and verbal communication skills, with the ability to distill complex risks for technical and non-technical audiences.

• Must be a U.S. Citizen with an active Secret clearance.