Web Developer Security Engineer in Washington, District of Columbia at Loch Harbour Group, Inc.

Salary: $160000 - $190000
Job Function: Information Technology
Loch Harbour Group, Inc.
Washington, District of Columbia, 20001, United States

Job Description

Description:

We are seeking a highly skilled Web Developer Security Engineer to support the design, development, implementation, and maintenance of secure web applications and cybersecurity solutions. The ideal candidate will possess deep expertise in Application Security (AppSec), Secure Software Development Lifecycle (SSDLC), DevSecOps automation, vulnerability remediation, and Federal cybersecurity compliance frameworks. This role requires a proactive security mindset and the ability to integrate security throughout the software development lifecycle while supporting mission-critical systems.

Key Responsibilities:

Secure Software Development & Application Security
  • Design, develop, and maintain secure web applications utilizing modern web technologies and frameworks including .NET (C# MVC, WCF), HTML5, CSS3, JavaScript, REST APIs, and SQL.
  • Implement Secure Software Development Lifecycle (SSDLC) practices and secure coding standards.
  • Conduct application security reviews, threat modeling, risk assessments, and vulnerability remediation activities.
  • Ensure compliance with Open Worldwide Application Security Project (OWASP) Top 10 guidelines and industry security best practices.
  • Leverage AI-assisted development tools such as GitHub Copilot, OpenAI APIs, and automation frameworks to improve security monitoring, code quality, and compliance auditing.
DevSecOps & Security Automation
  • Implement and maintain DevSecOps processes within CI/CD pipelines.
  • Automate security testing, vulnerability scanning, compliance validation, and security gate enforcement throughout the development lifecycle.
  • Develop scripts and automation solutions using Python, JavaScript/Node.js, Java, React.js, and TypeScript.
  • Collaborate with development, operations, and cybersecurity teams to ensure secure software deployment and operations.
Security Monitoring & Incident Response
  • Perform log analysis, security monitoring, and forensic investigations.
  • Configure and maintain File Integrity Monitoring (FIM) solutions to detect unauthorized changes to web content and critical system files.
  • Deploy, tune, and manage Web Application Firewalls (WAFs) to protect custom-developed applications against evolving cyber threats.
  • Support Tier II security operations and provide recommendations for continuous security improvements.
Cybersecurity Compliance & Risk Management
  • Perform risk assessments and analyze cyber threats affecting enterprise applications and infrastructure.
  • Develop security metrics, compliance reporting, and audit documentation.
  • Support Federal cybersecurity compliance efforts including:
    • NIST SP 800-53
    • FISMA
    • FedRAMP
  • Evaluate, recommend, and implement security controls for web, cloud, and mobile device solutions.
Cloud & Infrastructure Security
  • Implement security controls for cloud environments, including AWS.
  • Secure containerized environments using Docker and Kubernetes.
  • Support security operations through the use of SIEM, IDS/IPS, Network Detection and Response (NDR), Endpoint Detection and Response (EDR), and related cybersecurity technologies.

Requirements:

Required Qualifications:

  • Minimum of three (3) years of experience in Web Application Security, Application Security Engineering (AppSec), or Secure Software Development Lifecycle (SSDLC).
  • Extensive hands-on experience in:
    • Secure software development
    • DevSecOps automation
    • Vulnerability assessment and remediation
  • Experience developing web applications using modern technologies and frameworks, including:
    • .NET (C# MVC, WCF)
    • HTML5
    • CSS3
    • JavaScript
    • REST APIs
    • SQL
  • Proficiency in:
    • Log analysis
    • File Integrity Monitoring (FIM)
    • Web Application Firewall (WAF) administration and management
  • Strong understanding of:
    • OWASP Top 10
    • Secure coding standards
    • Web application vulnerability mitigation techniques
  • Experience deploying, configuring, tuning, and maintaining Web Application Firewall (WAF) solutions for custom-developed web applications.
  • Experience configuring and managing File Integrity Monitoring (FIM) solutions to detect and alert on unauthorized changes to web content and critical files.
  • Ability to leverage AI-assisted development tools (e.g., GitHub Copilot, OpenAI API/Codex) and scripting languages such as:
    • Python
    • JavaScript/Node.js
    • Java
    • React.js
    • TypeScript
  • Familiarity with security monitoring and testing tools, including:
    • Wireshark
    • SIEM platforms
    • IDS/IPS
    • Network Detection and Response (NDR)
    • Endpoint Detection and Response (EDR)
  • Ability to:
    • Perform risk assessments
    • Analyze cybersecurity threats
    • Develop remediation recommendations for enterprise systems and applications
  • Proven experience implementing DevSecOps principles and integrating security controls throughout CI/CD pipelines.
  • Experience developing security metrics, managing compliance reporting, and auditing systems against established security baselines.
  • Experience evaluating, recommending, and implementing security controls for mobile devices and mobile web applications.
  • Experience providing Tier II security operations support and recommending continuous security improvements for existing infrastructure.
  • Demonstrated ability to work independently and collaboratively within cross-functional teams.

Desired Qualifications

  • Experience supporting enterprise security operations in complex Federal or regulated environments.
  • Experience automating security monitoring, compliance validation, and audit activities.
  • Strong analytical, troubleshooting, and problem-solving skills with the ability to address emerging cybersecurity threats.

Education

  • Bachelor's degree or higher in Computer Science, Cybersecurity, Information Systems, Engineering, or a related technical field.

Security Requirement

  • U.S. Citizenship required.
  • Must be eligible to obtain and maintain a Tier 2 Public Trust clearance.

Candidates must possess current certifications from one or more of the following categories:


Specialized Application Security Certifications
  • Certified Secure Software Lifecycle Professional (CSSLP)
  • GIAC Certified Web Application Defender (GWEB)
  • EC-Council Certified Application Security Engineer (CASE)
Offensive Security Certifications
  • OffSec Web Expert (OSWE)
  • Offensive Security Certified Professional (OSCP)
Foundational Security Certifications
  • CompTIA Security+
  • GIAC Security Essentials (GSEC)
Certification Requirements
  • Certifications (or equivalent predecessor certifications) must have been maintained and professionally utilized for a minimum of five (5) years.
  • Expired certifications will not be considered.
  • Certifications that have not been applied in a professional work environment will not be considered.

Preferred Qualifications

  • In-depth experience supporting Federal cybersecurity compliance and authorization frameworks, including:
    • NIST SP 800-53
    • FISMA
    • FedRAMP
  • Proven experience in:
    • Threat modeling
    • Cybersecurity risk assessments
    • Security architecture design
    • Development of resilient and secure enterprise systems
  • Advanced experience implementing DevSecOps practices, including:
    • Integrating security controls throughout the software development lifecycle
    • Securing CI/CD pipelines
    • Automating security testing and security gate enforcement
  • Knowledge of cloud security principles and best practices, particularly within AWS environments.
  • Experience securing and managing containerized environments using:
    • Docker
    • Kubernetes

About Loch Harbour Group

Loch Harbour Group is a Service-Disabled Veteran-Owned Small Business founded in 1995. We hold CMMI Service Maturity Level 3, ISO 9001:2015, ISO/IEC 27001:2022, and ISO/IEC 20000-1:2018 certifications, and serve federal customers across DoD, homeland security, and civilian agencies. LHG is an equal opportunity employer and considers all qualified applicants without regard to race, color, religion, sex, national origin, age, disability, veteran status, or any other protected status.


Company Highlights:

At LHG, we offer our employees a comprehensive and competitive benefits package. Our benefits package features:

  • Competitive salaries
  • Paid time off
  • Health, dental and vision insurance
  • Company paid short/long term disability
  • Company paid Life and Accidental Death & Dismemberment insurance
  • 401(k) (up to 5% matching)
  • Flexible Spending Accounts (FSA)
  • Other company perks

The Loch Harbour Group is an equal opportunity employer; all interested qualified applicants are encouraged to apply, D/M/V/F. LHG welcomes and encourages diversity in the workforce.

