Web Developer Security Engineer

Position Title: Web Developer Security Engineer
Clearance Requirement: Public Trust (Tier 2)
Location: Remote/Hybrid (as approved by customer)

Position Overview: Nationwide IT Services (NIS) is seeking a Web Developer Security Engineer to support application security initiatives across web applications, APIs, and the software development lifecycle (SDLC). The selected candidate will be responsible for secure application design, vulnerability management, DevSecOps integration, security monitoring, WAF administration, File Integrity Monitoring (FIM), and Tier II security operations support.

Required Experience:

• Minimum 3 years of experience in Application Security and Secure Software Development Lifecycle (SSDLC).
• Strong knowledge of web application security principles and OWASP Top 10 vulnerabilities.
• Experience managing the full vulnerability lifecycle, including threat modeling, security assessments, remediation, and validation.
• Experience with secure application design, architecture reviews, data protection, and secure communications.
• Hands-on experience with Web Application Firewall (WAF) deployment, configuration, and tuning.
• Experience with File Integrity Monitoring (FIM), log analysis, Indicators of Compromise (IOC) detection, and threat intelligence automation.
• Experience supporting Tier II Security Operations.
• Experience implementing DevSecOps practices and automated security controls within CI/CD pipelines.

Technical Skills:

• .NET Technologies: C#, ASP.NET MVC, WCF
• Front-End: HTML5, CSS3, JavaScript, React, TypeScript
• APIs & Databases: REST APIs, SQL
• Programming/Scripting: Python, Node.js, Java
• AI-Assisted Development Tools (e.g., GitHub Copilot)
• Security Tools: SIEM, IDS/IPS, NDR, EDR
• Cloud & Container Security: AWS, Docker, Kubernetes

Compliance & Governance:

• Experience supporting environments governed by NIST SP 800-53, FISMA, and FedRAMP.
• Experience participating in audits, security assessments, and authorization activities.

Education:

• Bachelor's degree or higher in Computer Science, Cybersecurity, Information Systems, Engineering, or a related field.

Required Certifications:
Application Security (One Required):

• CSSLP, OR
• GIAC Web Application Penetration Tester (GWEB), OR
• CASE

Offensive Security (One Required):

• OSWE, OR
• OSCP

Foundational Security (One Required):

• Security+, OR
• GSEC

Preferred Qualifications:

• Experience securing federal government applications and systems.
• Experience integrating security controls into modern CI/CD pipelines.
• Strong understanding of cloud-native and containerized application security.

Key Responsibilities:

• Perform application security reviews and threat modeling.
• Conduct vulnerability assessments and oversee remediation efforts.
• Implement and maintain security controls within CI/CD pipelines.
• Configure and tune WAF and File Integrity Monitoring solutions.
• Analyze logs, investigate security events, and support incident response activities.
• Collaborate with development teams to ensure secure coding practices.
• Support compliance, audit, and security authorization requirements.

Working at NIS means being part of a company grounded in purpose, resilience,
and a genuine commitment to people. Since its founding in 2006, NIS has focused not only
on delivering exceptional services to our government customers, but also supporting our
nation, taxpayers, and citizens-while consistently prioritizing the well-being and growth of
its employees. Today, NIS continues to evolve by embracing remote work, enhancing
wellness initiatives, and investing in modern technology, all while staying true to its
mission.