HHS Application Security Engineer

Rockville, MD - USA

Monthly Salary: Not Disclosed

Posted on: Yesterday

Vacancies: 1 Vacancy

Job Summary

cFocus Software seeks a Application Security Engineer to join our program supporting the Department of Health and Human Services (HHS) This position is remote. This position requires the ability a Public Trust clearance.
Qualifications:

Bachelors degree in Computer Science Cybersecurity Information Systems or related field.
5 years of experience in application security or secure software development.
Hands-on experience with SAST/DAST tools dependency scanning and code review.
Knowledge of OWASP Top 10 secure coding practices and vulnerability remediation.
Experience supporting DevSecOps and CI/CD security integration.
Familiarity with federal security standards (NIST SP 800-53 RMF FISMA).
Strong written and verbal communication skills.
CSSLP GWAPT CEH or equivalent (preferred)
AWS/Azure security certifications (preferred)

Duties:

Conduct application security assessments including SAST DAST SCA SBOM analysis and secure code reviews.
Analyze vulnerability scan results and determine applicability severity and business risk.
Provide remediation guidance to developers based on secure coding standards (OWASP NIST HHS guidance).
Support integration of automated security testing within CI/CD pipelines.
Perform API security testing including authentication authorization and endpoint validation.
Validate remediation through follow-up testing and evidence review.
Support penetration testing activities related to application and web services.
Maintain application security documentation reports and dashboards.
Support zero-day and KEV-based vulnerability response activities.
Coordinate with ISSOs system owners and developers to ensure vulnerabilities are tracked and remediated within SLA.