Edgewater Federal Solutions, Inc.

Application Security Engineer

Edgewater Federal Solutions, Inc.  •  $140k - $160k/yr  •  Washington, DC (Remote)  •  2 hours ago
Apply
AI can make mistakes so check important info. Chat history is never stored.

Job Description

Edgewater is currently seeking an Application Security Engineer who will be a hands-on subject matter expert in Microsoft Azure cloud technologies, application security, security architectures, security tools, and methodologies. The Application Security Engineer will support our federal customer in Washington DC. This is a hands-on technical role that will provide the right candidate with an exciting opportunity to develop the federal customer’s application security program, working with developers and the organization to meet the strategic security goals of the agency.

This is a remote position but requires the candidate to work at the federal site in Washington DC at least one day a month so candidates local to the Washington, DC area strongly preferred.

Due to the contract and nature of the work, US Citizenship is required to obtain a Department of Energy security clearance.

Responsibilities

    • Drive the strategic maturation of the agency’s Application Security (AppSec) program by defining security standards, scaling automation, and embedding secure development practices across all product lifecycles.
    • Perform SAST assessments using Veracode and GitHub Advanced Security, identifying code-level vulnerabilities and providing remediation guidance.
    • Conduct and analyze DAST scans, including configuration, execution, and triage of results.
    • Evaluate and prioritize vulnerabilities using industry frameworks such as CVSS, CWE, OWASP Top 10, WASC, and SANS Top 25.
    • Collaborate with development, DevOps, and security teams to integrate security controls into CI/CD pipelines and the broader SDLC.
    • Provide expert advice on secure coding principles and assist developers in resolving security findings.
    • Troubleshoot application and connectivity issues in Linux-based environments.
    • Contributes to the design and implementation of enterprise-wide application security controls.
    • Ensure alignment with federal security and compliance standards, including NIST 800‑53, FIPS, and FedRAMP.
    • Maintain awareness of emerging threats, vulnerabilities, and best practices in application security.

Qualifications

      • Experience supporting SAST/DAST environments using Veracode.
      • Experience with SCA tools and vulnerability remediation
      • Experience leveraging CI/CD deployment methodologies and infrastructure as code (IaC)
      • Experience writing playbooks and scripts for automation tools including Terraform, Ansible for IaC
      • Demonstrate proficiency with a scripting or coding language, preferably Python.
      • Proficiency in automation and scripting, such as PowerShell, Python, Bash, and Terraform.
      • Ability to discuss Information Security concepts such as defense in depth and zero trust.
      • Demonstrate ability to communicate ideas both verbally and in writing to management, business and IT stakeholders, and technical resources in language that is appropriate for each group.
      • Ability to work collaboratively with developers across multiple departments
      • Ability to work effectively in a fast-paced, project-oriented environment
      • Ability to analyze and prioritize vulnerabilities based on risk
      • Strong technical acumen, communication, and influence skills
      • Working knowledge of system hardening (CIS, STIGs regulatory compliance)
      • Experience working with and supporting Unix/Linux and Windows systems.
      • Experience with SCA tools and vulnerability remediation in containers
      • Container orchestration and container security experience
      • 3+ years in application security supporting SAST, DAST, and SCA environments
      • 3+ years of experience designing and implementing application security controls
      • 3+ years of experience working in Linux-based environments, including troubleshooting application and connectivity issues.
      • Knowledge of federal security and compliance standards (NIST 800-53, FIPS, FedRAMP).
    • Preferred Qualifications:

      • Experience in securing Azure cloud infrastructure (i.e., inspection, logging, WAF, VM)
      • Experience with Azure DevOps
      • Practical implementation and architectural experience in encryption techniques, including data at rest and in transit
      • Prior experience as a software developer is highly preferred

      Requirements

      • Bachelor’s degree in computer science or related fields
      • Minimum of 8 years of experience in Information Security or related fields
      • CISSP or equivalent (CompTIA Security+, CEH, or DoD equivalent)

      Preferred Certifications:

      • ISC2 Certified Information Systems Security Professional (CISSP)
      • ISC2 Certified Secure Software Lifecycle Professional (CSSLP)
      • GIAC Web Application Penetration Tester (GWAPT)
      • Microsoft Azure Security Engineer (AZ‑500)
      • HashiCorp Terraform Associate (Infrastructure as Code)

Salary: $140,000 - $160,000

About Us:

Edgewater Federal Solutions is a privately held government contracting firm located in Frederick, MD. The company was founded in 2002 with the vision of being highly recognized and admired for supporting customer missions through employee empowerment, exceptional services and timely delivery. Edgewater Federal Solutions is ISO 9001, 20000-1, 270001 certified, appraised at CMMI Level 3 Maturity for Development and Services, and has been named in the Top Workplaces in the Greater Washington Area Small Companies for 2018 through 2025.

It has been and continues to be the policy of Edgewater Federal Solutions to provide equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, national origin, age, disability, marital status, veteran status, and/or other statuses protected by applicable law.status protected by applicable law.

Edgewater Federal Solutions, Inc.

About Edgewater Federal Solutions, Inc.

Edgewater Federal Solutions was founded in 2002 with the mission of being the best IT consulting company possible for our government clients, our contracting partners and our employees. We give you the opportunity to achieve contracting compliance without sacrificing quality.

Our business has grown steadily, supporting several federal organizations across the U.S. Our success is based on deep institutional knowledge of such entities as the Department of Energy and our unparalleled team of experts in every aspect of the IT life cycle, from program/project management to system/network operations to cyber security. It is this team that inspired the Edgewater slogan, “Our People ... Your Edge.”

The majority of our employees currently have or have previously held a top secret clearance, and many have advanced degrees and certifications in their specialties. Whether a CIO needs to implement a major system integration or a cabinet-level agency wants policy support and governance, Edgewater brings in the optimal combination of talent and knowledge for maximum efficiency and effectiveness.

How do we attract such highly qualified people to our team? By offering compensation that matches or exceeds others in the industry. This, along with Edgewater's stability and extensive experience within government, fosters a sense of confidence, commitment and loyalty in our employees. Our corporate culture breeds success, which in turn engenders your success.

Industry
Unknown
Company Size
201-500 employees
Headquarters
Frederick, Maryland
Year Founded
2002
Social Media