MBL · 3 months ago
Web Application Security SME/Technical Lead
MBL Technologies, Inc. offers a diverse set of management and technology consulting services to Federal government and commercial markets. They are seeking a Web Application Security Subject-Matter Expert (SME) / Technical Lead to provide expert technical support and leadership for a federal cybersecurity program, focusing on identifying, assessing, and mitigating vulnerabilities across web-based systems and applications.
Advice · Project Management · Property Management · Real Estate
Responsibilities
Lead the design, implementation, and management of the agency’s web application security program, ensuring alignment with federal cybersecurity policies and frameworks
Operate and maintain automated and manual web application vulnerability assessment tools to detect weaknesses such as misconfigurations, missing patches, insecure coding practices, and other security flaws
Analyze, interpret, and validate scan results, providing actionable recommendations for remediation and risk reduction
Develop and maintain custom scripts, test cases, or configurations to enhance application vulnerability detection and validation
Coordinate vulnerability testing across production, staging, and development environments to ensure comprehensive security coverage
Serve as the primary technical lead and subject-matter expert for web application security assessments, remediation planning, and vulnerability management strategies
Collaborate with developers, system administrators, and cybersecurity operations teams to prioritize and remediate vulnerabilities efficiently
Provide guidance on secure coding practices and assist in the development of security standards for web applications and APIs
Prioritize findings based on exploitability, potential impact, and risk, ensuring that the most critical vulnerabilities are addressed first
Develop and maintain content such as reports, dashboards, and data visualizations to communicate remediation status, risk trends, and vulnerability metrics
Provide executive-level and technical reporting on web application security posture, remediation progress, and compliance status
Identify systemic weaknesses and propose long-term improvements to enhance application security controls and processes
Stay current with emerging web application threats, vulnerabilities, and mitigation technologies to continuously evolve program effectiveness
Qualification
Required
Demonstrated experience operating and managing web application vulnerability assessment tools (e.g., Burp Suite, Acunetix, Netsparker, Qualys WAS, or OWASP ZAP)
Strong technical understanding of web application platforms, languages, and frameworks, including Python, PHP, Java/JavaScript, C#, and SQL
Proven ability to analyze and interpret vulnerability scan data, develop risk-based remediation plans, and track mitigation activities
Experience developing reports, dashboards, and performance metrics for vulnerability management tracking and decision support
Excellent analytical, communication, and collaboration skills, with the ability to interface effectively with both technical teams and senior leadership
Preferred
Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field (preferred)
Industry-recognized certifications such as CISSP, CSSLP, CEH, GWAPT, GWEB, or CompTIA Security+
Experience securing federal web applications and familiarity with NIST SP 800-53, FISMA, and OWASP Top 10
Familiarity with DevSecOps practices, CI/CD pipeline security integration, and cloud-based web application architectures (AWS, Azure, GCP)
Prior experience supporting federal cybersecurity operations or compliance-driven environments
Benefits
Medical
Dental
Vision
STD
Accident
Life
Hospital Insurance
FSA
HSA
401K match
Professional development stipend
Incentive plans with corporate and individual-based performance bonuses
PTO
Remote work
Health and wellness programs
Employee discounts
Learning and development reimbursement
Company
MBL
MBL is a real estate company that specializes in design, property, and project management, valuation, and advisory services.
Funding
Current Stage
Early Stage
Company data provided by Crunchbase