Application Security & Web/App Scanning Engineering SME

Strategic Operational Solutions
Location: Washington, DC, USA
Published: 6/14/2022
Technology
Full Time

Job Description
Brief Overview of Position:

Strategic Operational Solutions (STOPSO) is seeking candidates for an Application Security & Web/App Scanning Engineering SME to support a Department of Homeland Security client. STOPSO is an ISO 9001, ISO 20000-1, and ISO 27001 certified and CMMI-SVC Level 2 appraised IT services and solutions company. We look for talented people to join our team to develop and deliver solutions. Our environment is cutting-edge and highly rewarding; our team members are constantly learning and sharing their knowledge with our customers and each other. The person will fill a vital role within an organization, particularly within federal programs, where the emphasis lies on ensuring compliance, transparency, and efficiency in financial processes. The position requires deep expertise in web and application scanning, penetration testing, and stakeholder engagement. This role bridges technical depth and communication, helping the organization identify, explain, and remediate security risks.

Key Responsibilities:

  • Lead and perform dynamic application security testing (DAST), static application security testing (SAST) and code review, and manual penetration testing
  • Configure and optimize scanning tools (e.g., Burp Suite, Fortify, WebInspect, OWASP ZAP)
  • Translate complex findings into clear, actionable insights for internal stakeholders (the team) and external stakeholders (Federal partners)
  • Develop and deliver briefings, executive summaries, and security presentations for internal and client leadership
  • Collaborate with Engineering, Operations, System Owner and Compliance teams to close findings
  • Contribute to secure SDLC practices and application security policy development
  • Must be a U.S. citizen with an active Secret clearance

Qualifications:

  • Education: Bachelor's degree
  • 8+ years of experience in web/app security, with hands-on scanning and testing expertise
  • Strong working knowledge of OWASP Top 10, CVSS, and secure coding principles
  • Comfortable using tools like Fortify SSC, WebInspect, and similar
  • Exceptional written and verbal communication skills, with the ability to distill risk for both technical and non-technical audiences