Create Alert
Email me similar jobs

Web Developer Security Engineer

Premium Remote Friendly Full-time Discretion GitHub Web Server Development Tools Web Application

ABOUT US:


CMT Services Inc. is a dynamic and small business supporting Federal, State, and Local government agencies. As an SBA-certified HUBZone, Woman Owned Small Business (WOSB), we deliver quality, professional services to support the missions and strategic business goals of our clients.

Position Title: Web Developer Security Engineer

Location:

US Congressional Budget Office

Ford House Office Building, 4th floor

2nd St SW, 441 D St SW

Washington, DC 20024

Period of Performance:

08/15/2026 - 08/14/2031

Place of Performance:

Remote work; however, at CBO’s discretion employees may be required to work on-site at CBO facilities


Position Summary:

Protects CBO’s mission-critical web applications, APIs, and sensitive data by embedding strong security throughout the software development lifecycle — making security a proactive, built-in part of design and delivery.

Key Responsibilities:

  • Identify, analyze, and neutralize critical vulnerabilities, logic flaws, insecure dependencies, and misconfigurations.
  • Drive the end-to-end vulnerability lifecycle — proactive threat modeling, advanced security assessments, and remediation validation.
  • Support integration of security controls into application architectures, APIs, and services; advise on secure design patterns, data protection, and secure communication protocols.
  • Obtain, review, and analyze web server and application logs to detect anomalies and indicators of compromise.
  • Implement automation scripts for threat-intelligence integration; support end-to-end response to web application security events.
  • Maintain documentation of findings, remediation steps, and security controls.
  • Ensure web applications and cloud infrastructure comply with NIST SP 800-53, FISMA, and FedRAMP (as applicable); participate in audits, risk assessments, and authorization.

Required Qualifications:

  • Extensive hands-on secure software development, DevSecOps automation, and vulnerability remediation.
  • Proficiency in log analysis, file integrity monitoring (FIM), and managing web application firewalls (WAF).
  • Minimum 3 years in Web Application Security, AppSec, or secure SDLC (SSDLC).
  • Development with modern web technologies and frameworks including .NET (C# MVC, WCF), HTML5, CSS3, JavaScript, REST APIs, and SQL.
  • Ability to leverage AI-assisted development tools (e.g., GitHub Copilot, OpenAI API/Codex) and scripting (Python, JavaScript/Node.js, Java, React.js, TypeScript) to automate security monitoring and compliance audits.
  • Strong understanding of OWASP Top 10, secure coding standards, and mitigation of common web vulnerabilities.
  • Deploying, tuning, and maintaining WAF solutions tailored to custom applications and traffic patterns.
  • Configuring/managing File Integrity Monitoring (FIM) for web content directories.
  • Familiarity with security testing tools — Wireshark, SIEM, IDS/IPS, NDR, or EDR.
  • Evaluating/recommending/implementing security controls for mobile device and mobile-web interfaces.
  • Performing complex risk assessments, analyzing cyber threats, and providing remediation guidance for core systems and dependencies.
  • Implementing DevSecOps principles — integrating security controls throughout the CI/CD pipeline.
  • Developing security metrics, managing compliance reporting, and auditing systems against baselines.
  • Effective cross-team collaboration and independent work; providing Tier II support for security operations.

Education:

  • Bachelor’s degree (or higher) in Computer Science, Cybersecurity, Information Systems, Engineering, or a related field.

Certification:

  • Specialized AppSec: CSSLP (Certified Secure Software Lifecycle Professional); GWEB (GIAC Certified Web Application Defender); CASE (EC-Council Certified Application Security Engineer).
  • Offensive Security: OSWE (OffSec Web Expert); OSCP (Offensive Security Certified Professional).
  • Foundational Security: Security+; GSEC.


Join Our Team:

At CMT Services, we believe that extraordinary results come from empowering exceptional people. If you're ready to lead innovative projects, solve complex challenges, and contribute to meaningful infrastructure development while advancing your career in a supportive, collaborative environment, we want to hear from you.

Disclaimer:

By submitting your resume for this job posting, you authorize CMT Services, Inc. to forward your resume to all applicable internal and external managers, agencies, and recruitment personnel for review and consideration to hire.

Similar jobs