Overview
cFocus Software is seeking a Web Application Security Subject-Matter Expert (SME) / Technical Lead to provide advanced technical guidance and leadership in securing federal web applications and platforms. The SME/Technical Lead will operate vulnerability assessment tools, analyze application security weaknesses, and develop dashboards and reports to track remediation efforts. This role requires a deep understanding of application security principles, secure coding practices, and vulnerability management across various development environments.

This is a full-time position that may require on-site support at federal agency locations in the Washington, D.C. metro area. Some telework flexibility may be available depending on mission requirements. Must be able to obtain and maintain a Public Trust or higher-level security clearance as required by the agency.
Responsibilities
The Web Application Security SME / Technical Lead shall perform duties that include, but are not limited to:
- Lead the execution of web application vulnerability assessments using both automated and manual tools to identify security flaws, misconfigurations, and missing patches.
- Analyze and interpret scan results to identify exploitable vulnerabilities, prioritize findings, and recommend appropriate remediation strategies.
- Ensure web applications and associated platforms are configured and maintained in compliance with federal cybersecurity standards and secure coding practices.
- Operate and maintain web vulnerability assessment tools and integrate results into enterprise dashboards and reporting systems.
- Develop reporting and dashboards for vulnerability remediation analysis, status tracking, and compliance documentation.
- Collaborate with software developers, system administrators, and cybersecurity engineers to remediate vulnerabilities and enhance application security posture.
- Conduct security reviews of web application architectures and provide recommendations for risk mitigation and design improvements.
- Develop and implement security baselines, policies, and standard operating procedures (SOPs) for web application security.
- Support security testing and validation during all phases of the software development lifecycle (SDLC).
- Provide subject-matter expertise for penetration testing, vulnerability management, and continuous monitoring initiatives related to web applications.
Required Qualifications
- Demonstrable knowledge, skills, and experience in operating and maintaining automated or manual tools to identify web application weaknesses such as misconfigurations, missing patches, and other security flaws.
- Experience operating web vulnerability assessment tools and analyzing and interpreting results.
- Experience securing web application platforms such as Python, PHP, Java/JavaScript, C#, and SQL.
- Ability to prioritize findings or configuration settings to address the most critical vulnerabilities first.
- Experience developing reporting and dashboards for vulnerability remediation analysis, status, and tracking.
- Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field (preferred).
Preferred Qualifications
- Experience securing federal or DHS web application environments.
- Knowledge of OWASP Top 10, NIST SP 800-53, and related web application security frameworks.
- Proficiency with web vulnerability scanning tools such as Burp Suite, Acunetix, Nessus, Qualys, or similar technologies.
- Experience integrating vulnerability assessment data with SIEM and compliance reporting tools.
- Strong understanding of secure coding practices, DevSecOps principles, and web application development lifecycles.
- Ability to communicate complex security findings to developers and executives effectively.