Strategic Operational Solutions

Application Security & Web/App Scanning Engineering SME

Strategic Operational Solutions, Washington

Brief Overview of Position: Strategic Operational Solutions (STOPSO) is seeking candidates for an Application Security & Web/App Scanning Engineering SME to support a Department of Homeland Security client. STOPSO is an ISO 9001, ISO 20000-1, and ISO 27001 certified and CMMI-SVC Level 2 appraised IT Services and Solutions company. We look for talented people to join our team to develop and deliver solutions. Our environment is cutting-edge and highly rewarding; our team members are constantly learning and sharing their knowledge with our customers and each other. The person will fill a vital role within an organization, particularly within federal programs, where the emphasis lies on ensuring compliance, transparency, and efficiency in financial processes. The position requires someone with deep expertise in web and application scanning, penetration testing, and stakeholder engagement. This role bridges technical depth and communication, helping organizations identify, explain, and remediate security risks.

Key Responsibilities:
- Lead and perform dynamic application scanning (DAST), static code reviews (SAST), and manual penetration testing
- Configure and optimize scanning tools (e.g., Burp Suite, Fortify, WebInspect, OWASP ZAP)
- Translate complex findings into clear, actionable insights for internal stakeholders (the team) and external stakeholders (Federal partners)
- Develop and deliver briefings, executive summaries, and security presentations for internal and client leadership
- Collaborate with Engineering, Operations, System Owners and Compliance teams to close findings
- Contribute to secure SDLC practices and app security policy development
- Must be a U.S. citizen with an active secret clearance

Qualifications:
- Education: Bachelor's degree
- 8+ years of experience in web/app security, with hands-on scanning and testing expertise
- Strong working knowledge of OWASP Top 10, CVSS, and secure coding principles
- Comfortable using tools like Fortify SSC, WebInspect, and similar
- Exceptional written and verbal communication skills, with the ability to distill risk for both technical and non-technical audiences