Overview

Edgewater is currently seeking an Application Security Engineer who will be a hands-on subject matter expert in Microsoft Azure cloud technologies, application security, security architectures, security tools, and methodologies. The Application Security Engineer will support our federal customer in the Washington DC. This is a hands-on technical role that will provide the right candidate with an exciting opportunity to develop the federal customer’s application security program, working with developers and the organization to meet the strategic security goals of the agency.

This is a remote position but requires the candidate to work at the federal site in Washington DC at least one day a month so candidates local to the Washington, DC area strongly preferred.

Responsibilities

• Mature Application Security Program and implement measures throughout the code’s lifecycle to prevent gaps in the application security policy or the underlying system through flaws in the design, development, deployment, upgrade, or maintenance of the application
• Lead and work closely with developer Agile teams to promote secure code development by providing security requirements throughout the development process
• Analyze, design, develop, and operate programs, shell scripts, tests, and infrastructure automation capabilities in an advanced security context
• Partner with agency software development teams and provides consultative security expertise; performs cross functional interviews with developers, and application partners to determine if application security controls are implemented correctly
• Create application security policies and standards as a part of the larger information security policy framework
• Conduct technical testing focused on the identification of OWASP-type vulnerabilities in cloud, and web applications, along with associated APIs
• Implement security controls to rapidly detect and respond to information security incidents; participates as needed in security incidents
• Work closely with the Security Engineering team to create and maintain Threat Models and associated remediation recommendations
• Leverage NIST 800-53/FedRAMP assessment experience, technical, and program management skills to lead, plan, track, collaborate and report on the agency’s Application Security Posture Management
• Lead application risk assessments and control gap analysis procedures, activities, documents, and communication plans
• Be a source of information security subject matter with an expertise in Azure, GitHub, and Application Security

Qualifications

• Experience in securing Azure cloud infrastructure (i.e., inspection, logging, WAF, VM)
• Experience leveraging CI/CD deployment methodologies and infrastructure as code (IaC)
• Experience writing playbooks and scripts for automation tools including Terraform, Ansible for IaC
• Demonstrate proficiency with a scripting or coding language, preferably Python.
• Practical implementation and architectural experience in encryption techniques, including data at rest and in transit
• Proficiency in automation and scripting, such as C#, Go, Java, Python, Rust, HTML, Terraform or JavaScript.
• Ability to discuss Information Security concepts such as defense in depth and zero trust.
• Demonstrate ability to communicate ideas both verbally and in writing to management, business and IT sponsors, and technical resources in language that is appropriate for each group.
• Ability to work collaboratively with developers across multiple departments
• Ability to work effectively in a fast-paced, project-oriented environment
• Ability to prioritize and execute tasks
• Strong analytical and problem-solving skills
• Strong technical acumen, communication, and influence skills
• Working knowledge of system hardening (CIS, STIGs, SRGs, regulatory compliance)
• Experience working with and supporting Unix/Linux and Windows systems. 

Requirements

• Bachelor’s degree in computer science or related fields
• Minimum of 8 years of experience in Information Security or related fields
• CISSP or equivalent (CompTIA Security , CEH, or DoD equivalent)
• Experience with Code Scanner to analyze the code in a GitHub repository to find security vulnerabilities and coding errors

Preferred Certifications:

• • AZ-500: Microsoft Azure Security Technologies
  • CASE - Certified Application Security Engineer
  • CASS - Certified Application Security Specialist

Edgewater Federal Solutions is a privately held government contracting firm located near Frederick, MD. The company was founded in 2002 with the vision of being highly recognized and admired for supporting customer missions through employee empowerment, exceptional services, and timely delivery. Edgewater is ISO 9001, 20000-1, 27001 certified, appraised at CMMI Level 3 Maturity for Development and Services, and has been named in the Top Workplaces in the Greater Washington Area Small Companies from 2018 through 2023.

LI-KC1