Application Security Engineer
Role summary
The Application Security Engineer will support secure application development and cybersecurity operations for Federal DoD programs. This senior-level role requires deep expertise in application security, software development, federal cybersecurity standards (NIST 800-53, RMF, FedRAMP), and secure architecture. Responsibilities include serving as the primary application security SME, guiding teams through RMF, leading security architecture reviews, integrating security into the SDLC, conducting advanced security testing, and advising leadership on risk posture. Experience with AWS GovCloud and FedRAMP environments is essential. A Bachelor's degree and 10 years of experience in application development and IT security are required, along with CISSP and CSSLP certifications.
Position Summary:
The Application Security Engineer position supports secure application development and cybersecurity operations for Federal DoD programs. The role requires deep expertise in application security, software development, federal cybersecurity standards, and secure architecture. The engineer is responsible for senior-level leadership in information security, secure SDLC integration, and compliance with federal security frameworks such as NIST 800-53, NIST 800-37 RMF, FedRAMP, and agency-specific security baselines.
Primary Responsibilities:
· Serve as the primary application security SME for the project, ensuring compliance with NIST, FISMA, FedRAMP, DHS, DoD, and agency-specific security requirements.
· Guide system teams through Risk Management Framework (RMF) steps related to application security, including control implementation, evidence gathering, and POA&M mitigation.
· Lead security architecture reviews for mission-critical systems, ensuring secure-by-design principles across federal systems and networks.
· Integrate security into the federal SDLC by defining secure coding standards, conducting code reviews, and providing architectural input.
· Conduct and lead advanced security testing.
· Provide CISSP-level expertise on risk evaluation, compensating controls, and secure architecture guidance.
· Guide enterprise risk posture by advising leadership on vulnerabilities, mitigations, and long-term remediation planning.
· Ensure secure configurations of cloud resources within AWS GovCloud FedRAMP environments.
· All other duties as assigned by management.
Skills and Qualifications:
· Bachelor’s degree in computer science or related field
· 10 years in application development and IT security
· Experience performing risk assessments for Federal systems in AWS GovCloud
· Experience supporting FedRAMP High/Moderate systems
· Knowledge in Java, Python, HTML, SQL, CSS and cloud computing
· Excellent communication and management skills
Certifications Required:
· Certified Secure Software Lifecycle Professional (CSSLP)
· Certified Information Systems Security Professional (CISSP)
· CompTIA Security+
Certifications Preferred:
· Certified Ethical Hacker (CEH)
Security Clearance Requirements:
· Must be a U.S. Citizen
· Must have an active DoD Secret clearance.
Work Location:
· 3 days in Fairfax, VA, 2 days in Washington, D.C.
Pay: From $50,000.00 per year
Benefits:
· 401(k)
· 401(k) matching
· Dental insurance
· Flexible schedule
· Health insurance
· Paid time off
· Parental leave
· Retirement plan
· Tuition reimbursement
· Vision insurance
Work Location: In person