
Web Application Security Subject Matter Expert / Technical Lead

Fast Facts

Cybervance is seeking an experienced Web Application Security Subject Matter Expert/Technical Lead to oversee enterprise web application security operations, including vulnerability assessments and secure coding practices.

Responsibilities: Key responsibilities include leading web application security operations, conducting vulnerability assessments, collaborating with development teams for remediation, and providing technical leadership in secure application development.

Skills: Required skills include hands-on experience with web vulnerability assessment tools, secure coding practices, and the ability to analyze and communicate vulnerability findings effectively.

Qualifications: Preferred qualifications include a degree in a relevant field, current government security clearance, and certifications like GWAPT or CISSP.

Location: The job is based in Bethesda, MD, with a hybrid work model.

Compensation: Not provided by employer. Typical compensation ranges for this position are between $120,000 - $180,000.





Position Title: Web Application Security Subject Matter Expert / Technical Lead

Location: Bethesda, MD | Hybrid - Not Remote

Cybervance is a rapidly growing information security and information technology company based in Washington, D.C., and we are an equal opportunity employer. We design, develop, and manage the successful execution of training programs for government and private sector organizations. Cybervance believes in creating innovative solutions to deliver measured results.

We are seeking an experienced Web Application Security Subject-Matter Expert (SME) / Technical Lead to provide expert-level guidance and technical oversight for enterprise web application security operations. The SME will lead vulnerability assessments, secure coding reviews, and remediation strategies to protect mission-critical applications from cyber threats and ensure compliance with organizational and federal security standards.

This role requires deep hands-on experience with web application vulnerability assessment tools, application security frameworks, and remediation practices. The ideal candidate will possess both the technical depth to identify vulnerabilities and the leadership skills to drive enterprise-level mitigation and continuous improvement.

Responsibilities

  • Lead web application security operations across enterprise environments, including vulnerability assessment, threat modeling, and secure application architecture reviews.
  • Operate and maintain automated and manual web vulnerability assessment tools to identify misconfigurations, missing patches, insecure code, and other weaknesses that could expose applications to cyberattacks.
  • Analyze and interpret vulnerability assessment results, translating findings into actionable remediation plans and risk-reduction strategies.
  • Develop and implement processes for prioritizing vulnerabilities, ensuring critical weaknesses are addressed first, and remediation efforts align with organizational risk management priorities.
  • Collaborate with developers, DevOps teams, and system owners to remediate findings in application code and configurations.
  • Secure web application platforms built on Python, PHP, Java/JavaScript, C#, and SQL by ensuring adherence to secure coding and configuration best practices.
  • Develop and maintain content and reporting mechanisms, including dashboards and metrics for vulnerability remediation progress, compliance tracking, and management reporting.
  • Provide technical leadership and mentoring to cybersecurity engineers and developers on secure application development and vulnerability mitigation techniques.
  • Recommend and implement enhancements to web application security tools, processes, and automation for continuous improvement.
  • Stay current on emerging web vulnerabilities, exploitation techniques, and best practices for defense-in-depth and web security hardening.

Experience

  • Demonstrated experience operating web vulnerability assessment tools (e.g., Burp Suite, Acunetix, Qualys Web Application Scanner, OWASP ZAP, or equivalent).
  • Proven ability to analyze and interpret vulnerability scan results and communicate findings to technical and non-technical stakeholders.
  • Hands-on experience securing web application platforms, including Python, PHP, Java/JavaScript, C#, and SQL-based applications.
  • Experience prioritizing vulnerabilities and remediation activities to address high-risk issues efficiently.
  • Demonstrated ability to develop content, dashboards, and reports to monitor vulnerability status, remediation progress, and compliance posture.
  • Strong understanding of OWASP Top 10, secure software development lifecycle (SDLC), and web application penetration testing techniques.
  • Familiarity with web servers and API security, including common misconfigurations and patch management practices.
  • Ability to collaborate effectively across cross-functional teams and communicate complex technical issues clearly.

Required Skills & Qualifications

  • Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field (preferred).
  • Current government security clearance: Public Trust.

Preferred Qualifications

  • Professional certifications such as GWAPT, CEH, CISSP, CSSLP, or OSWE.
  • Experience integrating web application vulnerability scanning into DevSecOps pipelines.
  • Familiarity with cloud-based web application security, including AWS WAF, Azure App Service Security, and containerized environments.
  • Experience supporting federal cybersecurity compliance frameworks such as FedRAMP, FISMA, and NIST RMF.

Average salary estimate

$150,000 / year (est.); min $120,000, max $180,000

If an employer mentions a salary or salary range on their job, we display it as an "Employer Estimate". If a job has no salary data, Rise displays an estimate if available.

Employment type: Full-time, hybrid
Date posted: October 25, 2025