Cybervance
Web Application Security Subject Matter Expert / Technical Lead
Cybervance, Bethesda, Maryland, US, 20811
Position Title: Web Application Security Subject Matter Expert / Technical Lead
Location: Bethesda, MD | Hybrid - Not Remote
Cybervance is a rapidly growing information security and information technology company based in Washington, D.C., and we are an equal opportunity employer. We design, develop, and manage the successful execution of training programs for government and private sector organizations. Cybervance believes in creating innovative solutions to deliver measured results.
We are seeking an experienced Web Application Security Subject-Matter Expert (SME) / Technical Lead to provide expert-level guidance and technical oversight for enterprise web application security operations. The SME will lead vulnerability assessments, secure coding reviews, and remediation strategies to protect mission-critical applications from cyber threats and ensure compliance with organizational and federal security standards.
This role requires deep hands-on experience with web application vulnerability assessment tools, application security frameworks, and remediation practices. The ideal candidate will possess both the technical depth to identify vulnerabilities and the leadership skills to drive enterprise-level mitigation and continuous improvement.
Responsibilities
Lead web application security operations across enterprise environments, including vulnerability assessment, threat modeling, and secure application architecture reviews.
Operate and maintain automated and manual web vulnerability assessment tools to identify misconfigurations, missing patches, insecure code, and other weaknesses that could expose applications to cyberattacks.
Analyze and interpret vulnerability assessment results, translating findings into actionable remediation plans and risk-reduction strategies.
Develop and implement processes for prioritizing vulnerabilities, ensuring critical weaknesses are addressed first, and remediation efforts align with organizational risk management priorities.
Collaborate with developers, DevOps teams, and system owners to remediate findings in application code and configurations.
Secure web application platforms built on Python, PHP, Java/JavaScript, C#, and SQL by ensuring adherence to secure coding and configuration best practices.
Develop and maintain content and reporting mechanisms, including dashboards and metrics for vulnerability remediation progress, compliance tracking, and management reporting.
Provide technical leadership and mentoring to cybersecurity engineers and developers on secure application development and vulnerability mitigation techniques.
Recommend and implement enhancements to web application security tools, processes, and automation for continuous improvement.
Stay current on emerging web vulnerabilities, exploitation techniques, and best practices for defense-in-depth and web security hardening.

Experience
Demonstrated experience operating web vulnerability assessment tools (e.g., Burp Suite, Acunetix, Qualys Web Application Scanner, OWASP ZAP, or equivalent).
Proven ability to analyze and interpret vulnerability scan results and communicate findings to technical and non-technical stakeholders.
Hands-on experience securing web application platforms, including Python, PHP, Java/JavaScript, C#, and SQL-based applications.
Experience prioritizing vulnerabilities and remediation activities to address high-risk issues efficiently.
Demonstrated ability to develop content, dashboards, and reports to monitor vulnerability status, remediation progress, and compliance posture.
Strong understanding of OWASP Top 10, secure software development lifecycle (SDLC), and web application penetration testing techniques.
Familiarity with web servers and API security, including common misconfigurations and patch management practices.
Ability to collaborate effectively across cross-functional teams and communicate complex technical issues clearly.

Required Skills & Qualifications
Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field (preferred).
Current government security clearance: Public Trust.

Preferred Qualifications
Professional certifications such as GWAPT, CEH, CISSP, CSSLP, or OSWE.
Experience integrating web application vulnerability scanning into DevSecOps pipelines.
Familiarity with cloud-based web application security, including AWS WAF, Azure App Service Security, and containerized environments.
Experience supporting federal cybersecurity compliance frameworks such as FedRAMP, FISMA, and NIST RMF.