Web Developer Security Engineer (DevSecOps)

TL;DR

Web Developer Security Engineer (DevSecOps): Supporting application security initiatives across web applications, APIs, and the software development lifecycle with an accent on secure design, vulnerability management, and DevSecOps integration. Focus on implementing security controls, WAF administration, and ensuring compliance with federal standards like NIST SP 800-53 and FedRAMP.

Location: Remote/Hybrid (US-based, Public Trust Tier 2 clearance required)

Company

hirify.global is a purpose-driven organization providing exceptional technology services to government customers since 2006.

What you will do

• Perform application security reviews and threat modeling for web applications and APIs.
• Conduct vulnerability assessments and oversee remediation efforts throughout the SDLC.
• Implement and maintain automated security controls within CI/CD pipelines.
• Configure and tune WAF and File Integrity Monitoring (FIM) solutions.
• Analyze logs, investigate security events, and support incident response activities.
• Collaborate with development teams to promote and ensure secure coding practices.

Requirements

• Must hold or be eligible for Public Trust (Tier 2) clearance.
• Minimum 3 years of experience in Application Security and Secure SDLC.
• Strong knowledge of web application security principles and OWASP Top 10.
• Hands-on experience with WAF, FIM, and DevSecOps practices.
• Required certifications: One in AppSec (CSSLP/GWEB/CASE), one in Offensive Security (OSWE/OSCP), and one in Foundational Security (Security+/GSEC).
• Bachelor’s degree in Computer Science, Cybersecurity, or related field.

Culture & Benefits

• Commitment to employee well-being and professional growth.
• Support for remote and hybrid work arrangements.
• Focus on modern technology and continuous evolution.
• Mission-oriented work supporting government customers and citizens.