United States onlySecurity Infrastructure Support Application Developer
Overview
cFocus Software is seeking a Security Infrastructure Support Application Developer to design, develop, and maintain secure, reliable, and scalable applications across hybrid (on-premises and cloud) environments in support of a federal agency. The Application Developer will develop and modernize legacy systems, integrate DevSecOps practices, and ensure compliance with federal cybersecurity frameworks. This position requires strong programming and scripting skills, hands-on cybersecurity experience, and the ability to work collaboratively across technical teams.This is a full-time position that may require on-site support at federal agency locations in the Washington, D.C. metro area. Some telework flexibility may be available depending on mission requirements. Must be able to obtain and maintain a Public Trust or higher-level security clearance as required by the agency.
Responsibilities
The Security Infrastructure Support Application Developer shall perform duties that include, but are not limited to:- Design, develop, and maintain secure applications supporting hybrid infrastructures, including on-premises and cloud environments.
- Develop and modernize legacy applications using JavaServer Pages (JSP) and other web-based technologies.
- Implement and maintain secure coding standards and DevSecOps practices throughout the software development lifecycle (SDLC).
- Collaborate with cybersecurity teams to ensure applications meet federal compliance and security requirements.
- Integrate secure automation and testing processes into build, test, and deployment pipelines using CI/CD tools.
- Develop and maintain APIs (SOAP and REST) to support system integration and interoperability.
- Write and maintain scripts in Java, Python, and SQL to automate system operations, monitoring, and data analysis.
- Ensure application compliance with FISMA, NIST SP 800-53, NIST SP 800-92, OMB M-21-31, and CDM frameworks.
- Perform application security assessments, vulnerability analysis, and remediation planning for web and enterprise systems.
- Work with AWS, Azure, and O365 environments to support application migration, integration, and security hardening efforts.
- Collaborate with stakeholders, including third-party vendors and cross-functional teams, to resolve technical issues and ensure application reliability.
- Produce and maintain detailed documentation including application architecture diagrams, user guides, and SOPs.
- Provide technical briefings and reports to executive and non-technical stakeholders regarding system status, risks, and improvements.
Required Qualifications
- Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field (preferred).
- 5+ years of experience designing, installing, maintaining, supporting, and developing IT systems in hybrid (on-premises and cloud) environments.
- 2+ years of experience in cybersecurity or information security roles.
- Strong verbal and written communication skills for explaining complex security concepts to technical and non-technical stakeholders, including executive-level audiences.
- Demonstrated familiarity with cloud security concepts, services, and operations (AWS, Azure, O365), including migration and security hardening for applications.
- Familiarity with DevSecOps practices that incorporate secure code and automation into build, test, and deployment processes for security operations.
- Strong scripting skills in Java, Python, SOAP API, and SQL query languages for automation and tool development.
- Extensive experience in developing and maintaining legacy JavaServer Pages (JSP) applications.
- Familiarity with common full-stack or cloud-based web applications and development frameworks.
- Hands-on experience with federal cybersecurity compliance frameworks (FISMA, NIST SP 800-53, NIST SP 800-92, OMB M-21-31, CDM).
- Strong problem-solving and analytical abilities for identifying and addressing security issues and root causes.
- Experience working with third-party vendors and cross-functional teams to support application development and integration.
Preferred Qualifications
- Experience supporting DHS or other federal agencies in secure application development or modernization efforts.
- Proficiency with modern web frameworks such as Angular, React, or Spring Boot.
- Experience with CI/CD tools such as Jenkins, GitLab CI, or AWS CodePipeline.
- Knowledge of secure coding standards and vulnerability mitigation techniques (e.g., OWASP Top 10).
- Experience with containerized environments (Docker, Kubernetes) and cloud-native application development.
- Ability to produce detailed documentation and reports for compliance and technical audiences.
