Web Developer Security Engineer

Horizon Global Partners

Posted today

Job Requirements

Reston, VA
Clearance: Unspecified; Polygraph: not specified
Mid Level Career (5+ yrs experience)
Salary not specified

Job Description

Web Developer Security Engineer
Company: Horizon Global Partners (HgP)
Division: Defense & Aerospace Services (DAS)
Location: Washington, DC (Hybrid)
Employment Type: Full-Time
Clearance Requirement: Public Trust Tier 2 (Active preferred; ability to obtain required)
Position Summary
Horizon Global Partners (HgP) is seeking a highly skilled Web Developer Security Engineer to support a Federal Government customer by securing mission-critical web applications, APIs, and cloud-based services. The successful candidate will integrate security throughout the Secure Software Development Lifecycle (SSDLC), identify and remediate application vulnerabilities, implement DevSecOps practices, and strengthen application security through secure architecture, automation, and continuous monitoring.
The ideal candidate combines strong software development experience with application security engineering expertise and has hands-on experience implementing secure coding practices, threat modeling, vulnerability management, Web Application Firewalls (WAF), File Integrity Monitoring (FIM), and CI/CD security automation.
________________________________________
Position Responsibilities
Application Security Engineering
• Identify, assess, and remediate web application vulnerabilities, insecure dependencies, and application misconfigurations.
• Conduct application security reviews throughout the Secure Software Development Lifecycle (SSDLC).
• Validate remediation efforts through technical testing and secure code review.
• Develop and maintain secure coding standards aligned with OWASP best practices.
Secure Architecture & Threat Modeling
• Perform threat modeling and application risk assessments.
• Design secure web application and REST API architectures.
• Recommend secure authentication, authorization, encryption, and data protection mechanisms.
• Implement secure design patterns that reduce application attack surfaces.
DevSecOps & CI/CD Security
• Integrate security controls into CI/CD pipelines.
• Automate security testing using Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and secrets scanning.
• Implement security gates to prevent vulnerable code from reaching production.
• Support Git-based secure development workflows and DevSecOps automation.
Monitoring & Incident Response
• Analyze web server, application, and security logs for indicators of compromise.
• Configure and tune Web Application Firewalls (WAF) to protect enterprise web applications.
• Implement and maintain File Integrity Monitoring (FIM) solutions.
• Support security incident investigations and forensic analysis.
Secure Software Development
Develop and secure applications using technologies including:
• .NET
• C#
• ASP.NET MVC
• WCF
• HTML5
• CSS3
• JavaScript
• REST APIs
• SQL
• Python
• Node.js
• React
• TypeScript
Mobile & Cloud Security
• Evaluate and implement security controls for mobile web applications.
• Support secure cloud application deployments.
• Collaborate with infrastructure and cloud engineering teams to improve application security posture.
Compliance & Documentation
• Support compliance with NIST SP 800-53, FISMA, and FedRAMP requirements.
• Participate in security assessments, audits, and authorization activities.
• Develop security documentation, remediation plans, risk assessments, and engineering standards.
• Produce security metrics and compliance reports.
________________________________________
Required Qualifications
• Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, Engineering, or a related field.
• Minimum 3 years of Application Security (AppSec), Secure Software Development Lifecycle (SSDLC), or Web Application Security experience.
• Extensive experience with secure software development and vulnerability remediation.
• Experience implementing DevSecOps principles throughout CI/CD pipelines.
• Strong knowledge of OWASP Top 10 vulnerabilities and secure coding practices.
• Experience performing threat modeling and application risk assessments.
• Experience deploying, tuning, and maintaining Web Application Firewalls (WAF).
• Experience configuring and managing File Integrity Monitoring (FIM).
• Experience analyzing web server and application logs.
• Experience with SIEM, IDS/IPS, EDR, or Network Detection & Response (NDR) technologies.
• Experience securing REST APIs and cloud-based applications.
• Excellent analytical, documentation, and communication skills.
________________________________________
Required Technical Skills
• .NET
• C#
• ASP.NET MVC
• WCF
• HTML5
• CSS3
• JavaScript
• TypeScript
• React
• Node.js
• Python
• REST APIs
• SQL
• Secure SDLC (SSDLC)
• DevSecOps
• CI/CD Security
• Threat Modeling
• OWASP Top 10
• Secure Coding
• Vulnerability Management
• WAF
• File Integrity Monitoring (FIM)
• SIEM
• IDS/IPS
• EDR
• NDR
• Git
• Security Automation
• Mobile Web Security
________________________________________
Required Credentials
Candidates should possess current security certifications that demonstrate expertise in secure software development and application security. The Government requires at least one current certification from each of the following categories, with equivalent legacy certifications accepted if professionally maintained for at least five years:
Application Security (AppSec) – At least one required
• Certified Secure Software Lifecycle Professional (CSSLP)
• GIAC Certified Web Application Defender (GWEB)
• EC-Council Certified Application Security Engineer (CASE)
Offensive Security – At least one required
• OffSec Web Expert (OSWE)
• Offensive Security Certified Professional (OSCP)
Foundational Security – At least one required
• CompTIA Security+
• GIAC Security Essentials (GSEC)
________________________________________
Preferred Qualifications
• Experience with Federal Government or DoD environments.
• Experience with NIST SP 800-53, FISMA, and FedRAMP authorization processes.
• Experience with AWS cloud security.
• Experience securing Docker and Kubernetes environments.
• Experience implementing automated security gates within CI/CD pipelines.
• Experience using AI-assisted development tools such as GitHub Copilot or OpenAI APIs to improve secure software development workflows.
________________________________________
Why Join Horizon Global Partners?
At Horizon Global Partners, you’ll support mission-critical Federal Government systems by integrating security into every stage of the software development lifecycle. You’ll collaborate with software developers, DevSecOps engineers, cybersecurity professionals, and cloud architects to build resilient, secure, and compliant web applications that support critical government missions.

Job Category
IT - Software
Clearance Level
Unspecified