Application Security & Web/App Scanning Engineering SME

Washington, DC
Full Time
Experienced

Our client is seeking an Application Security & Web/App Scanning Engineering SME. This role supports a Homeland Security client by providing deep expertise in web and application security scanning, penetration testing, and stakeholder communication. The SME will help identify, articulate, and remediate security risks, bridging technical depth with effective communication to a range of stakeholders.

Responsibilities

  • Lead and perform dynamic application security testing (DAST), static application security testing (SAST), and manual penetration testing.

  • Configure, optimize, and operate scanning tools such as Burp Suite, Fortify SSC, WebInspect, and OWASP ZAP.

  • Translate complex security findings into clear, actionable insights for internal teams and federal partners.

  • Develop and deliver briefings, executive summaries, and presentations for leadership audiences.

  • Collaborate with engineering, operations, system owners, and compliance teams to remediate findings.

  • Contribute to secure software development lifecycle (SDLC) practices and application security policy development.

Qualifications

  • Bachelor’s degree required.

  • 8+ years of hands-on experience in web and application security, including scanning and penetration testing.

  • Strong knowledge of OWASP Top 10, CVSS, and secure coding principles.

  • Proficient with security scanning tools such as Fortify SSC, WebInspect, and similar platforms.

  • Exceptional written and verbal communication skills, with the ability to distill complex risks for technical and non-technical audiences.

  • Must be a U.S. Citizen with an active Secret clearance.
