Web Application Security SME / Technical Lead - NIH

Web Application Security Subject-Matter Expert / Technical Lead Overview cFocus Software is seeking a Web Application Security Subject-Matter Expert (SME) / Technical Lead to provide advanced technical guidance and leadership in securing federal web applications and platforms.

The SME / Technical Lead will operate vulnerability assessment tools, analyze application security weaknesses, and develop dashboards and reports to track remediation efforts.

This role requires a deep understanding of application security principles, secure coding practices, and vulnerability management across various development environments.

This is a full-time position that may require on-site support at federal agency locations in the Washington, D.C. metro area.

Some telework flexibility may be available depending on mission requirements.   Must be able to obtain and maintain a Public Trust or higher-level security clearance as required by the agency.

Responsibilities The Web Application Security SME / Technical Lead shall perform duties that include, but are not limited to :

• Lead the execution of web application vulnerability assessments using both automated and manual tools to identify security flaws, misconfigurations, and missing patches.
• Analyze and interpret scan results to identify exploitable vulnerabilities, prioritize findings, and recommend appropriate remediation strategies.
• Ensure web applications and associated platforms are configured and maintained in compliance with federal cybersecurity standards and secure coding practices.
• Operate and maintain web vulnerability assessment tools and integrate results into enterprise dashboards and reporting systems.
• Develop reporting and dashboards for vulnerability remediation analysis, status tracking, and compliance documentation.
• Collaborate with software developers, system administrators, and cybersecurity engineers to remediate vulnerabilities and enhance application security posture.
• Conduct security reviews of web application architectures and provide recommendations for risk mitigation and design improvements.
• Develop and implement security baselines, policies, and standard operating procedures (SOPs) for web application security.
• Support security testing and validation during all phases of the software development lifecycle (SDLC).
• Provide subject-matter expertise for penetration testing, vulnerability management, and continuous monitoring initiatives related to web applications.
• Required Qualifications Demonstrable knowledge, skills, and experience in operating and maintaining automated or manual tools to identify web application weaknesses such as misconfigurations, missing patches, and other security flaws.
• Experience operating web vulnerability assessment tools and analyzing and interpreting results.
• Experience securing web application platforms such as Python, PHP, Java / JavaScript, C#, and SQL.
• Ability to prioritize findings or configuration settings to address the most critical vulnerabilities first.
• Experience developing reporting and dashboards for vulnerability remediation analysis, status, and tracking.
• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field (preferred).
• Preferred Qualifications Experience securing federal or DHS web application environments.
• Knowledge of OWASP Top 10, NIST SP 800-53, and related web application security frameworks.
• Proficiency with web vulnerability scanning tools such as Burp Suite, Acunetix, Nessus, Qualys, or similar technologies.
• Experience integrating vulnerability assessment data with SIEM and compliance reporting tools.
• Strong understanding of secure coding practices, DevSecOps principles, and web application development lifecycles.
• Ability to communicate complex security findings to developers and executives effectively.
• About cFocus Software cFocus Software Incorporated provides cybersecurity, cloud, and enterprise IT services to the federal government.
• Our team of experts delivers innovative solutions that protect critical assets and enable mission success.
• Equal Employment Opportunity Statement cFocus Software Incorporated is an Equal Opportunity Employer.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.