Web Developer Security Engineer

CMT Services Inc.

$90K — $130K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • 5-7 years in secure software development and DevSecOps automation
  • 3 years in web application security or secure software development lifecycle
  • Strong proficiency in modern web development technologies (.NET, JavaScript, etc.)
  • Experience with security testing tools and techniques
  • Knowledge of OWASP Top 10 and secure coding practices
  • Relevant security certifications (CSSLP, OSWE, etc.)
  • Bachelor's degree in a related field such as Computer Science or Cybersecurity

Responsibilities

  • Identify and mitigate critical security vulnerabilities in web applications
  • Drive proactive threat modeling and security assessments throughout the project lifecycle
  • Integrate security controls into application architectures and provide secure design advice
  • Analyze web server/application logs for anomalies indicative of security breaches
  • Implement automation scripts for efficient security monitoring and incident response
  • Document security findings, remediation actions, and compliance controls
  • Ensure adherence to federal security standards and participate in necessary audits

Benefits

  • Remote work flexibility with potential on-site requirements
  • Supportive and collaborative team culture
  • Opportunities for professional development and career advancement
  • Engagement in innovative and meaningful infrastructure projects
Full Job Description
Position Title: Web Developer Security Engineer Location: US Congressional Budget Office Ford House Office Building, 4th floor 2nd St SW, 441 D St SW Washington, DC 20024 Period of Performance: 08/15/2026 - 08/14/2031 Place of Performance: Remote work; however, at CBO's discretion employees may be required to work on-site at CBO facilities Position Summary: Protects CBO's mission-critical web applications, APIs, and sensitive data by embedding strong security throughout the software development lifecycle - making security a proactive, built-in part of design and delivery. Key Responsibilities: - Identify, analyze, and neutralize critical vulnerabilities, logic flaws, insecure dependencies, and misconfigurations. - Drive the end-to-end vulnerability lifecycle - proactive threat modeling, advanced security assessments, and remediation validation. - Support integration of security controls into application architectures, APIs, and services; advise on secure design patterns, data protection, and secure communication protocols. - Obtain, review, and analyze web server and application logs to detect anomalies and indicators of compromise. - Implement automation scripts for threat-intelligence integration; support end-to-end response to web application security events. - Maintain documentation of findings, remediation steps, and security controls. - Ensure web applications and cloud infrastructure comply with NIST SP 800-53, FISMA, and FedRAMP (as applicable); participate in audits, risk assessments, and authorization. Required Qualifications: - Extensive hands-on secure software development, DevSecOps automation, and vulnerability remediation. - Proficiency in log analysis, file integrity monitoring (FIM), and managing web application firewalls (WAF). - Minimum 3 years in Web Application Security, AppSec, or secure SDLC (SSDLC). - Development with modern web technologies and frameworks including .NET (C# MVC, WCF), HTML5, CSS3, JavaScript, REST APIs, and SQL. - Ability to leverage AI-assisted development tools (e.g., GitHub Copilot, OpenAI API/Codex) and scripting (Python, JavaScript/Node.js, Java, React.js, TypeScript) to automate security monitoring and compliance audits. - Strong understanding of OWASP Top 10, secure coding standards, and mitigation of common web vulnerabilities. - Deploying, tuning, and maintaining WAF solutions tailored to custom applications and traffic patterns. - Configuring/managing File Integrity Monitoring (FIM) for web content directories. - Familiarity with security testing tools - Wireshark, SIEM, IDS/IPS, NDR, or EDR. - Evaluating/recommending/implementing security controls for mobile device and mobile-web interfaces. - Performing complex risk assessments, analyzing cyber threats, and providing remediation guidance for core systems and dependencies. - Implementing DevSecOps principles - integrating security controls throughout the CI/CD pipeline. - Developing security metrics, managing compliance reporting, and auditing systems against baselines. - Effective cross-team collaboration and independent work; providing Tier II support for security operations. Education: - Bachelor's degree (or higher) in Computer Science, Cybersecurity, Information Systems, Engineering, or a related field. Certification: - Specialized AppSec: CSSLP (Certified Secure Software Lifecycle Professional); GWEB (GIAC Certified Web Application Defender); CASE (EC-Council Certified Application Security Engineer). - Offensive Security: OSWE (OffSec Web Expert); OSCP (Offensive Security Certified Professional). - Foundational Security: Security+; GSEC. Join Our Team: At CMT Services, we believe that extraordinary results come from empowering exceptional people. If you're ready to lead innovative projects, solve complex challenges, and contribute to meaningful infrastructure development while advancing your career in a supportive, collaborative environment, we want to hear from you. Disclaimer: By submitting your resume for this job posting, you authorize CMT Services, Inc. to forward your resume to all applicable internal and external managers, agencies, and recruitment personnel for review and consideration to hire.

Similar Jobs

More Jobs at CMT Services Inc.

More Information Technology Jobs

Find similar Web Developer Security Engineer jobs: