Zantech · 5 hours ago
Security Specialist / Application Security Lead
Zantech is a dynamic Woman Owned Small Business focused on providing complex, mission-focused solutions. They are looking for a talented Security Specialist / Application Security Lead to ensure secure software delivery through integrated security controls and collaborate with teams to implement automated security testing.
Information Technology & Services
Responsibilities
Establish and maintain application security standards and best practices for USCIS OIT
Define security controls and gates for integration within CI/CD pipelines
Design Zero Trust architecture implementations covering identity, workload, network, and data protection
Lead integration of SAST and DAST tools
Implement container security scanning and vulnerability management (Aqua Security, Snyk)
Establish Infrastructure as Code (IaC) security scanning and policy enforcement
Integrate secrets management (HashiCorp Vault) and secure credential handling
Identify threats and measure potential vulnerabilities in systems, applications, and services
Conduct security assessments and coordinate penetration testing
Track vulnerability remediation SLAs and metrics
Implement Zero Trust principles across the Applications and Workloads realm
Design and validate identity-based access controls (Okta, AWS IAM)
Establish micro-segmentation and workload isolation patterns
Implement policy-as-code using Open Policy Agent (OPA)
Automate enforcement of security and compliance controls
Support ATO/Continuous Authorization processes with automated security control validation
Qualifications
Required
Minimum 10 years of IT engineering experience
Minimum 5 years in DevSecOps, DevOps, or Platform Engineering roles
Minimum 3 years of federal government experience, preferably DHS or civilian agencies
Demonstrated experience designing and implementing enterprise CI/CD solutions
Experience with cloud-native application development and deployment
Track record of successful DevSecOps transformations in complex enterprise environments
Expert-level knowledge of CI/CD tools (Jenkins, GitLab CI/CD, GitHub Actions, or similar)
Deep expertise with container orchestration platforms (Kubernetes, OpenShift, EKS, ECS)
Advanced proficiency with Infrastructure-as-Code tools (Terraform, CloudFormation, Ansible)
Strong scripting abilities (Python, Bash, PowerShell, Go)
Extensive experience with AWS cloud services (EC2, S3, Lambda, RDS, VPC, IAM, etc.)
Expert knowledge of Git workflows and version control strategies
Proficiency with security scanning tools (SonarQube, Veracode, Checkmarx, Twistlock, Aqua)
Experience with monitoring and observability tools (Prometheus, Grafana, ELK Stack, Datadog, Splunk)
Understanding of Zero Trust Architecture principles and implementation
Knowledge of FedRAMP, FISMA, and NIST frameworks (800-53, 800-171)
Familiarity with DHS security requirements and authorization processes
Understanding of Section 508 compliance requirements
Experience with AWS GovCloud and FedRAMP-authorized services
Knowledge of continuous ATO (cATO) processes
Expert: SAST/DAST tools (Checkmarx, Fortify, SonarQube, Burp Suite, OWASP ZAP)
Expert: Container scanning (Aqua Security, Snyk, Twistlock)
Expert: AWS Security services (Security Hub, GuardDuty, Config, IAM)
Proficient: Open Policy Agent, HashiCorp Vault, Okta
Proficient: Kubernetes security, Zero Trust architecture
Knowledge: NIST 800-53, OWASP Top 10, FedRAMP
Bachelor's degree in Computer Science, Cybersecurity, Information Assurance, or related field
Master's degree preferred
Certifications (Recommended - Minimum 1): Certified Information Systems Security Professional (CISSP), AWS Certified Security - Specialty, Certified Cloud Security Professional (CCSP), CEH, OSCP, GWAPT, CSSLP (desired)
US Citizenship and the ability to obtain and maintain an active Public Trust or higher clearance, per contract requirements
Preferred
Experience with DHS or USCIS security requirements and controls
Hands-on experience with DHS security authorization processes (ATO/Continuous Authorization)
Understanding of immigration data sensitivity and PII protection requirements
Benefits
Competitive compensation
Strong benefits
Vacation package
Company
Zantech
Zantech delivers advanced technology solutions to US Government agencies, specializing in digital modernization, cybersecurity, and cloud computing for mission-critical operations across defense, intelligence, and civilian sectors.