Job Requirements
Fairfax, VA
Secret Polygraph Unspecified
Career Level not specified
Salary not specified
Join Premium to unlock estimated salaries 
Job Description
Job Description
Everforth ECS is seeking a Senior Security Test Engineer to work in the National Capital Region covering the Pentagon, Falls Church, and Fairfax . Please Note: This position is contingent upon contract award.
The War Data Platform (WDP) is a key initiative within the U.S. Department of War's (DoW) AI-First strategy introduced in early 2026. The WDP separates business and financial data from operational warfighting data, aiming to accelerate the deployment of artificial intelligence (AI) on the battlefield. The WDP extends to Unclassified, Secret, and Top Secret environments, and supports collaboration between Combatant Commands, Joint Staff directorates, Senior Executive Service leaders, and operational analysts.
The Senior Security Test Engineer serves as the principal authority for security test engineering across WDP Core Integration's full software development lifecycle, embedding automated security validation, compliance gating, and penetration testing activities directly into DevSecOps pipelines spanning NIPRNet, SIPRNet, and JWICS. This is a senior technical role responsible for translating DoW cybersecurity requirements and contract obligations into concrete, measurable test strategies that protect mission-critical software releases and sustain continuous authorization across all WDP enclaves.
• Conducts advanced test engineering operations supporting War Data Platform (WDP) Core Integration software lifecycle activities across development, testing, integration, staging, and production environments on NIPRNet, SIPRNet, and JWICS.
• Designs automated test suites using GitLab CI, Jenkins, Selenium, JMeter, SonarQube, OpenSCAP, and approved scanning tools to validate functionality, security, performance, and compliance requirements.
• Translates contract-level DevSecOps and cybersecurity requirements into concrete security-test objectives and embeds static analysis, software-composition analysis, and dynamic or interactive security testing directly into continuous integration and continuous deployment pipelines with automated gating and reporting.
• Implements DevSecOps-aligned testing strategies integrating automated gate checks, artifact-lineage verification, regression safety controls, and STIG-based compliance validation.
• Creates reusable security-testing scripts and supplements automated workflows with targeted manual or penetration-testing activities for high-risk release candidates.
• Uses Infrastructure-as-Code patterns to provision secure sandboxes that mirror production controls and employ synthetic or masked data to protect sensitive information during testing.
• Performs virtual-machine and container-security validation using Department of War Security Technical Implementation Guides and defense container-hardening standards embedded in CI workflows.
• Executes automated and manual testing, documents defects, validates fixes, and triages findings while maintaining a security-testing risk register.
• Reviews scan results, collaborates with developers for fix verification, and refines rulesets, tooling, and documentation to meet audit and regulatory obligations.
• Tracks key performance indicators including coverage, detection speed, pipeline stability, and reliability trends to support program reporting and continuous improvement.
• Coordinates with software engineers, DevSecOps pipeline operators, cybersecurity teams, and system-engineering personnel to reproduce issues, verify corrective actions, and synchronize readiness for sprint and release events.
• Supports maintenance of test environments, synthetic data sets, and repeatable validation workflows enabling stable, high-confidence software releases across all War Data Platform (WDP) Core Integration enclaves.
• Performs other duties as assigned.
Required Skills
• Current Secret security clearance with the ability to obtain and maintain a Top Secret (TS) security clearance with Sensitive Compartmented Information (SCI).
• 10-12 years of experience in security test engineering, software quality assurance, application security, or a closely related technical discipline, with demonstrated senior-level ownership of security testing strategy and automated pipeline integration in federal or enterprise software delivery environments.
• Demonstrated hands-on expertise designing and operating automated security test pipelines using tools such as GitLab CI, Jenkins, SonarQube, and OpenSCAP, with applied experience in SAST, DAST, software-composition analysis, STIG compliance validation, and container hardening in classified or government cloud environments.
• Proven ability to lead penetration testing coordination, security test planning, and risk register management in support of Authority to Operate (ATO) packages, Interim Authority to Test (IATT) preparation, and continuous monitoring obligations under the Risk Management Framework.
• Experience operating within DoW or federal classified multi-enclave environments, including familiarity with IL2, IL5, IL6, and JWICS software delivery constraints, DoW container hardening standards, and cross-domain security testing requirements.
• Strong problem-solving and decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution.
• Highly developed interpersonal and oral/written communication skills, with the ability to effectively and professionally interact with a diverse set of stakeholders (from peers to end-users to executive management).
Desired Skills
• Active Top Secret (TS) security clearance with Sensitive Compartmented Information (SCI) eligibility.
• Advanced cybersecurity or testing certification such as Certified Information Systems Security Professional (CISSP), GIAC Web Application Penetration Tester (GWAPT), GIAC Exploit Researcher and Advanced Penetration Tester (GXPN), Offensive Security Certified Professional (OSCP), or AWS Certified DevOps Engineer - Professional.
• Experience with Zero Trust compliance validation and Attribute-Based Access Control (ABAC) policy testing in classified cloud environments, including familiarity with DoW Zero Trust Strategy and Reference Architecture requirements as applied within CI/CD security gate workflows.
• Familiarity with Agile and SAFe delivery methodologies, including senior-level experience integrating security test planning, sprint readiness reviews, and release gate reporting into Program Increment planning events and continuous delivery cycles.
• Experience producing and maintaining security test maturity assessments, pipeline performance dashboards, and technical roadmap documentation in support of program leadership, audit readiness, and continuous improvement initiatives across multi-enclave software delivery programs.
ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.
is the federal segment of , a $4B global organization with over 10,000 employees. Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies.
Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.
We value:
Everforth ECS is seeking a Senior Security Test Engineer to work in the National Capital Region covering the Pentagon, Falls Church, and Fairfax . Please Note: This position is contingent upon contract award.
The War Data Platform (WDP) is a key initiative within the U.S. Department of War's (DoW) AI-First strategy introduced in early 2026. The WDP separates business and financial data from operational warfighting data, aiming to accelerate the deployment of artificial intelligence (AI) on the battlefield. The WDP extends to Unclassified, Secret, and Top Secret environments, and supports collaboration between Combatant Commands, Joint Staff directorates, Senior Executive Service leaders, and operational analysts.
The Senior Security Test Engineer serves as the principal authority for security test engineering across WDP Core Integration's full software development lifecycle, embedding automated security validation, compliance gating, and penetration testing activities directly into DevSecOps pipelines spanning NIPRNet, SIPRNet, and JWICS. This is a senior technical role responsible for translating DoW cybersecurity requirements and contract obligations into concrete, measurable test strategies that protect mission-critical software releases and sustain continuous authorization across all WDP enclaves.
• Conducts advanced test engineering operations supporting War Data Platform (WDP) Core Integration software lifecycle activities across development, testing, integration, staging, and production environments on NIPRNet, SIPRNet, and JWICS.
• Designs automated test suites using GitLab CI, Jenkins, Selenium, JMeter, SonarQube, OpenSCAP, and approved scanning tools to validate functionality, security, performance, and compliance requirements.
• Translates contract-level DevSecOps and cybersecurity requirements into concrete security-test objectives and embeds static analysis, software-composition analysis, and dynamic or interactive security testing directly into continuous integration and continuous deployment pipelines with automated gating and reporting.
• Implements DevSecOps-aligned testing strategies integrating automated gate checks, artifact-lineage verification, regression safety controls, and STIG-based compliance validation.
• Creates reusable security-testing scripts and supplements automated workflows with targeted manual or penetration-testing activities for high-risk release candidates.
• Uses Infrastructure-as-Code patterns to provision secure sandboxes that mirror production controls and employ synthetic or masked data to protect sensitive information during testing.
• Performs virtual-machine and container-security validation using Department of War Security Technical Implementation Guides and defense container-hardening standards embedded in CI workflows.
• Executes automated and manual testing, documents defects, validates fixes, and triages findings while maintaining a security-testing risk register.
• Reviews scan results, collaborates with developers for fix verification, and refines rulesets, tooling, and documentation to meet audit and regulatory obligations.
• Tracks key performance indicators including coverage, detection speed, pipeline stability, and reliability trends to support program reporting and continuous improvement.
• Coordinates with software engineers, DevSecOps pipeline operators, cybersecurity teams, and system-engineering personnel to reproduce issues, verify corrective actions, and synchronize readiness for sprint and release events.
• Supports maintenance of test environments, synthetic data sets, and repeatable validation workflows enabling stable, high-confidence software releases across all War Data Platform (WDP) Core Integration enclaves.
• Performs other duties as assigned.
Required Skills
• Current Secret security clearance with the ability to obtain and maintain a Top Secret (TS) security clearance with Sensitive Compartmented Information (SCI).
• 10-12 years of experience in security test engineering, software quality assurance, application security, or a closely related technical discipline, with demonstrated senior-level ownership of security testing strategy and automated pipeline integration in federal or enterprise software delivery environments.
• Demonstrated hands-on expertise designing and operating automated security test pipelines using tools such as GitLab CI, Jenkins, SonarQube, and OpenSCAP, with applied experience in SAST, DAST, software-composition analysis, STIG compliance validation, and container hardening in classified or government cloud environments.
• Proven ability to lead penetration testing coordination, security test planning, and risk register management in support of Authority to Operate (ATO) packages, Interim Authority to Test (IATT) preparation, and continuous monitoring obligations under the Risk Management Framework.
• Experience operating within DoW or federal classified multi-enclave environments, including familiarity with IL2, IL5, IL6, and JWICS software delivery constraints, DoW container hardening standards, and cross-domain security testing requirements.
• Strong problem-solving and decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution.
• Highly developed interpersonal and oral/written communication skills, with the ability to effectively and professionally interact with a diverse set of stakeholders (from peers to end-users to executive management).
Desired Skills
• Active Top Secret (TS) security clearance with Sensitive Compartmented Information (SCI) eligibility.
• Advanced cybersecurity or testing certification such as Certified Information Systems Security Professional (CISSP), GIAC Web Application Penetration Tester (GWAPT), GIAC Exploit Researcher and Advanced Penetration Tester (GXPN), Offensive Security Certified Professional (OSCP), or AWS Certified DevOps Engineer - Professional.
• Experience with Zero Trust compliance validation and Attribute-Based Access Control (ABAC) policy testing in classified cloud environments, including familiarity with DoW Zero Trust Strategy and Reference Architecture requirements as applied within CI/CD security gate workflows.
• Familiarity with Agile and SAFe delivery methodologies, including senior-level experience integrating security test planning, sprint readiness reviews, and release gate reporting into Program Increment planning events and continuous delivery cycles.
• Experience producing and maintaining security test maturity assessments, pipeline performance dashboards, and technical roadmap documentation in support of program leadership, audit readiness, and continuous improvement initiatives across multi-enclave software delivery programs.
ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.
is the federal segment of , a $4B global organization with over 10,000 employees. Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies.
Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.
We value:
- Attracting and developing top talent and high-performing teams
- Fostering a culture that is engaging, accountable, and mission-driven
group id: 10112231A