About the Opportunity
DMI is seeking a Web Developer Security Engineer to embed security throughout the software development lifecycle for a federal agency client. In this role, you will identify and remediate vulnerabilities in web applications and APIs, integrate security controls into application architectures, and support compliance with federal cybersecurity frameworks — functioning at the intersection of development and security.
Duties and Responsibilities:
- Identify, analyze, and remediate critical vulnerabilities, logic flaws, insecure dependencies, and misconfigurations in web applications and APIs
- Drive end-to-end vulnerability lifecycle management, including threat modeling, security assessments, and technical validation of remediation
- Integrate security controls into application architectures and APIs; advise on secure design patterns and data protection mechanisms
- Review and analyze web server and application logs to detect anomalies and indicators of compromise; implement threat intelligence automation
- Deploy, tune, and maintain Web Application Firewalls (WAF) tailored to custom-developed applications and traffic patterns
- Configure and manage File Integrity Monitoring (FIM) solutions to detect and alert on unauthorized changes to web content directories
- Implement DevSecOps principles throughout the CI/CD pipeline; develop security metrics and compliance reporting against established baselines
- Ensure web applications and cloud infrastructure comply with NIST SP 800-53, FISMA, and FedRAMP requirements; participate in audits and risk assessments
- Provide Tier II support for security operations and recommend ongoing security enhancements
Qualifications
Education and Years of Experience:
- Bachelor's degree or higher in Computer Science, Cybersecurity, Information Systems, Engineering, or a related field
- Minimum 3 years of experience in Web Application Security, Application Security Engineering (AppSec), or SSDLC
- Proficiency in .NET (C# MVC, WCF), HTML5, CSS3, JavaScript, REST APIs, and SQL
- Strong understanding of OWASP Top 10 and secure coding standards
- Experience deploying and managing WAF solutions for custom-developed web applications
- Experience configuring FIM solutions for web content and application directories
- Familiarity with security testing tools, including Wireshark, SIEM, IDS/IPS, NDR, and EDR
- Ability to leverage AI-assisted development tools (e.g., GitHub Copilot, OpenAI API) for security automation and compliance auditing
- Experience implementing DevSecOps principles, including security gate integration in CI/CD pipelines
- Active security certifications across AppSec, offensive security, and foundational security domains, maintained for a minimum of 5 years
Required Skills & Certifications:
- In-depth experience with federal cybersecurity frameworks, including NIST SP 800-53, FISMA, and FedRAMP authorization processes
- Proven background in threat modeling, risk assessment, and security architecture design
- Advanced experience with CI/CD pipeline security gate automation
- Cloud security experience with AWS and container security (Docker, Kubernetes)
Clearance Requirements: Must possess or be eligible to obtain and complete a government security screening and/or a Secret security clearance.
Citizenship Status Required: Must be a U.S. Citizen
Physical Requirements: None required for this position.
Location: Remote, US
Minimum Salary Rate$77,800.00
Median Salary Rate$85,341.00