Home › Companies › Careers Edgewaterit Icims Com › Application Security Engineer
Application Security Engineer
Careers Edgewaterit Icims Com · Washington, DC, US · Remote · Active · $140,000–$160,000 / month · iCIMS
Job facts
| Field | Value |
|---|---|
| Company | Careers Edgewaterit Icims Com |
| Title | Application Security Engineer |
| Normalized title | - |
| Department / team | Information Technology |
| Location | Washington, DC, United States |
| Work model | Remote / Remote |
| Employment type | Full Time |
| Salary | $140,000–$160,000 / month |
| Status | active |
| ATS provider | iCIMS |
| Posted / first seen | 2024-06-18 / 2026-06-02 |
| Changed / last seen | 2026-06-18 / 2026-06-18 |
Related slices
| Page | What it contains | Open |
|---|---|---|
| Company jobs | Active postings from Careers Edgewaterit Icims Com. | Open |
| Company breakdowns | Role, location, ATS, and work model facets for this company. | Open |
| ATS provider jobs | Active postings observed through iCIMS. | Open |
| Provider filtered search | The same provider as a filtered job collection. | Open |
| City jobs | Active postings in Washington. | Open |
| Department jobs | Active postings in Information Technology. | Open |
| Work model jobs | Active Remote postings. | Open |
| Lifecycle events | Open, update, close, and reopen events for this posting. | Open |
| Original posting | Canonical source or apply URL captured from the ATS. | Open |
Linked records
| Company | Careers Edgewaterit Icims Com |
| Source | 87230910-1a6a-47c4-85c3-bb2b3c46da66 |
| ATS provider | iCIMS |
Description
Overview
Edgewater is currently seeking an Application Security Engineer who will be a hands-on subject matter expert in Microsoft Azure cloud technologies, application security, security architectures, security tools, and methodologies. The Application Security Engineer will support our federal customer in Washington DC. This is a hands-on technical role that will provide the right candidate with an exciting opportunity to develop the federal customer’s application security program, working with developers and the organization to meet the strategic security goals of the agency.
This is a remote position but requires the candidate to work at the federal site in Washington DC at least two days a month so candidates local to the Washington, DC area strongly preferred.
Due to the contract and nature of the work, US Citizenship is required to obtain a Department of Energy security clearance.
Responsibilities
Drive the strategic maturation of the agency’s Application Security (AppSec) program by defining security standards, scaling automation, and embedding secure development practices across all product lifecycles.
Perform SAST assessments using Veracode and GitHub Advanced Security, identifying code-level vulnerabilities and providing remediation guidance.
Conduct and analyze DAST scans, including configuration, execution, and triage of results.
Evaluate and prioritize vulnerabilities using industry frameworks such as CVSS, CWE, OWASP Top 10, WASC, and SANS Top 25.
Collaborate with development, DevOps, and security teams to integrate security controls into CI/CD pipelines and the broader SDLC.
Provide expert advice on secure coding principles and assist developers in resolving security findings.
Troubleshoot application and connectivity issues in Linux-based environments.
Contributes to the design and implementation of enterprise-wide application security controls.
Ensure alignment with federal security and compliance standards, including NIST 800‑53, FIPS, and FedRAMP.
Maintain awareness of emerging threats, vulnerabilities, and best practices in application security.
Qualifications
Experience supporting SAST/DAST environments using Veracode.
Experience with SCA tools and vulnerability remediation
Experience leveraging CI/CD deployment methodologies and infrastructure as code (IaC)
Experience writing playbooks and scripts for automation tools including Terraform, Ansible for IaC
Demonstrate proficiency with a scripting or coding language, preferably Python.
Proficiency in automation and scripting, such as PowerShell, Python, Bash, and Terraform.
Ability to discuss Information Security concepts such as defense in depth and zero trust.
Demonstrate ability to communicate ideas both verbally and in writing to management, business and IT stakeholders, and technical resources in language that is appropriate for each group.
Ability to work collaboratively with developers across multiple departments
Ability to work effectively in a fast-paced, project-oriented environment
Ability to analyze and prioritize vulnerabilities based on risk
Strong technical acumen, communication, and influence skills
Working knowledge of system hardening (CIS, STIGs regulatory compliance)
Experience working with and supporting Unix/Linux and Windows systems.
Experience with SCA tools and vulnerability remediation in containers
Container orchestration and container security experience
3+ years in application security supporting SAST, DAST, and SCA environments
3+ years of experience designing and implementing application security controls
3+ years of experience working in Linux-based environments, including troubleshooting application and connectivity issues.
Knowledge of federal security and compliance standards (NIST 800-53, FIPS, FedRAMP).
Preferred Qualifications:
Experience in securing Azure cloud infrastructure (i.e., inspection, logging, WAF, VM)
Experience with Azure DevOps
Practical implementation and architectural experience in encryption techniques, including data at rest and in transit
Prior experience as a software developer is highly preferred
Requirements:
Bachelor’s degree in computer science or related fields
Minimum of 8 years of experience in Information Security or related fields
CISSP or equivalent (CompTIA Security+, CEH, or DoD equivalent)
Preferred Certifications:
ISC2 Certified Information Systems Security Professional (CISSP)
ISC2 Certified Secure Software Lifecycle Professional (CSSLP)
GIAC Web Application Penetration Tester (GWAPT)
Microsoft Azure Security Engineer (AZ‑500)
HashiCorp Terraform Associate (Infrastructure as Code)
Salary: $140,000 - $160,000
About Us:
Edgewater Federal Solutions is a privately held government contracting firm located in Frederick, MD. The company was founded in 2002 with the vision of being highly recognized and admired for supporting customer missions through employee empowerment, exceptional services and timely delivery. Edgewater Federal Solutions is ISO 9001, 20000-1, 270001 certified, appraised at CMMI Level 3 Maturity for Development and Services, and has been named in the Top Workplaces in the Greater Washington Area Small Companies for 2018 through 2025.
It has been and continues to be the policy of Edgewater Federal Solutions to provide equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, national origin, age, disability, marital status, veteran status, and/or other statuses protected by applicable law.status protected by applicable law.
Full job record
| Job ID | 5a0d20d0634b964d68dabfb0f8c5f76ce74e0734 |
| Org ID | 5cbc1702-45d0-4d5e-9530-547530c47319 |
| Source ID | 87230910-1a6a-47c4-85c3-bb2b3c46da66 |
| Board ID | 87230910-1a6a-47c4-85c3-bb2b3c46da66 |
| Provider | icims |
| Provider Job Key | 4623 |
| Title | Application Security Engineer |
| Normalized Title | — |
| Status | active |
| Active | yes |
| Location Text | Washington, DC, US |
| Department | Information Technology |
| Team | — |
| Employment Type | full_time |
| Workplace Type | remote |
| Remote Policy | remote |
| Country | United States |
| Region | DC |
| City | Washington |
| Salary Raw | Overview Edgewater is currently seeking an Application Security Engineer who will be a hands-on subject matter expert in Microsoft Azure cloud technologies, application security, security architectures, security tools, and methodologies. The Application Security Engineer will support our federal customer in Washington DC. This is a hands-on technical role that will provide the right candidate with an exciting opportunity to develop the federal customer’s application security program, working with developers and the organization to meet the strategic security goals of the agency. This is a remote position but requires the candidate to work at the federal site in Washington DC at least two days a month so candidates local to the Washington, DC area strongly preferred. Due to the contract and nature of the work, US Citizenship is required to obtain a Department of Energy security clearance. Responsibilities Drive the strategic maturation of the agency’s Application Security (AppSec) program by defining security standards, scaling automation, and embedding secure development practices across all product lifecycles. Perform SAST assessments using Veracode and GitHub Advanced Security, identifying code-level vulnerabilities and providing remediation guidance. Conduct and analyze DAST scans, including configuration, execution, and triage of results. Evaluate and prioritize vulnerabilities using industry frameworks such as CVSS, CWE, OWASP Top 10, WASC, and SANS Top 25. Collaborate with development, DevOps, and security teams to integrate security controls into CI/CD pipelines and the broader SDLC. Provide expert advice on secure coding principles and assist developers in resolving security findings. Troubleshoot application and connectivity issues in Linux-based environments. Contributes to the design and implementation of enterprise-wide application security controls. Ensure alignment with federal security and compliance standards, including NIST 800‑53, FIPS, and FedRAMP. Maintain awareness of emerging threats, vulnerabilities, and best practices in application security. Qualifications Experience supporting SAST/DAST environments using Veracode. Experience with SCA tools and vulnerability remediation Experience leveraging CI/CD deployment methodologies and infrastructure as code (IaC) Experience writing playbooks and scripts for automation tools including Terraform, Ansible for IaC Demonstrate proficiency with a scripting or coding language, preferably Python. Proficiency in automation and scripting, such as PowerShell, Python, Bash, and Terraform. Ability to discuss Information Security concepts such as defense in depth and zero trust. Demonstrate ability to communicate ideas both verbally and in writing to management, business and IT stakeholders, and technical resources in language that is appropriate for each group. Ability to work collaboratively with developers across multiple departments Ability to work effectively in a fast-paced, project-oriented environment Ability to analyze and prioritize vulnerabilities based on risk Strong technical acumen, communication, and influence skills Working knowledge of system hardening (CIS, STIGs regulatory compliance) Experience working with and supporting Unix/Linux and Windows systems. Experience with SCA tools and vulnerability remediation in containers Container orchestration and container security experience 3+ years in application security supporting SAST, DAST, and SCA environments 3+ years of experience designing and implementing application security controls 3+ years of experience working in Linux-based environments, including troubleshooting application and connectivity issues. Knowledge of federal security and compliance standards (NIST 800-53, FIPS, FedRAMP). Preferred Qualifications: Experience in securing Azure cloud infrastructure (i.e., inspection, logging, WAF, VM) Experience with Azure DevOps Practical implementation and architectural experience in encryption techniques, including data at rest and in transit Prior experience as a software developer is highly preferred Requirements: Bachelor’s degree in computer science or related fields Minimum of 8 years of experience in Information Security or related fields CISSP or equivalent (CompTIA Security+, CEH, or DoD equivalent) Preferred Certifications: ISC2 Certified Information Systems Security Professional (CISSP) ISC2 Certified Secure Software Lifecycle Professional (CSSLP) GIAC Web Application Penetration Tester (GWAPT) Microsoft Azure Security Engineer (AZ‑500) HashiCorp Terraform Associate (Infrastructure as Code) Salary: $140,000 - $160,000 About Us: Edgewater Federal Solutions is a privately held government contracting firm located in Frederick, MD. The company was founded in 2002 with the vision of being highly recognized and admired for supporting customer missions through employee empowerment, exceptional services and timely delivery. Edgewater Federal Solutions is ISO 9001, 20000-1, 270001 certified, appraised at CMMI Level 3 Maturity for Development and Services, and has been named in the Top Workplaces in the Greater Washington Area Small Companies for 2018 through 2025. It has been and continues to be the policy of Edgewater Federal Solutions to provide equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, national origin, age, disability, marital status, veteran status, and/or other statuses protected by applicable law.status protected by applicable law. |
| Salary Min | 140,000 |
| Salary Max | 160,000 |
| Salary Currency | USD |
| Salary Period | month |
| Source URL | https://careers-edgewaterit.icims.com/jobs/4623/application-security-engineer/job |
| Apply URL | https://careers-edgewaterit.icims.com/jobs/4623/application-security-engineer/job |
| First Seen At | 2026-06-02 13:37:24Z |
| Last Seen At | 2026-06-18 08:32:23Z |
| Last Checked At | 2026-06-18 08:32:23Z |
| Last Changed At | 2026-06-18 08:32:23Z |
| Inactive At | — |
| Source Posted At | 2024-06-18 08:32:22Z |
| Source Updated At | 2026-05-29 19:08:49Z |
| Raw Payload Uri | s3://job-postings-prod-raw-590183727216/raw/provider=icims/board=careers-edgewaterit.icims.com/date=2026-06-18/2026-06-18T08-32-20-679Z-6cdc97f1956f2255f9722785d050560efe796071324b08be7c81594ab93a9194.json |
Event Fields
{
"content_hash": "03bc8912f14f958dd9cd47c3b58ea35bbd6a93639245089e815b43467111688a",
"source_hash": "8c0f4b2385a6bcebe33e8748e0595b58b274d6281a041db2654856caac6b0411",
"last_changed_at": "2026-06-18T08:32:23.457Z",
"active_status": "active"
}Parsed Structured
{
"language": "en",
"location": {
"raw": "Washington, DC, US",
"city": "Washington",
"region": "DC",
"country": "United States",
"is_remote": false,
"confidence": 0.8
},
"salary_max": 160000,
"salary_min": 140000,
"inferred_at": "2026-06-18T08:32:23.434Z",
"launch_scope": {
"reason": "english_us_canada",
"included": true,
"language": "en",
"location": {
"raw": "Washington, DC, US",
"city": "Washington",
"region": "DC",
"country": "United States",
"is_remote": false,
"confidence": 0.8
},
"countries": [
"United States"
]
},
"remote_policy": "remote",
"salary_period": "month",
"workplace_type": "remote",
"salary_currency": "USD"
}Extensions
{}Native Structured
{
"json_ld": {
"url": "https://careers-edgewaterit.icims.com/jobs/4623/2026-4623/job",
"@type": "JobPosting",
"title": "Application Security Engineer",
"@context": "http://schema.org",
"datePosted": "2024-06-18T08:32:22.431Z",
"description": "<h2>Overview</h2>\n<p>Edgewater is currently seeking an <strong>Application Security Engineer</strong> who will be a hands-on subject matter expert in Microsoft Azure cloud technologies, application security, security architectures, security tools, and methodologies. The Application Security Engineer will support our federal customer in Washington DC. This is a hands-on technical role that will provide the right candidate with an exciting opportunity to develop the federal customer’s application security program, working with developers and the organization to meet the strategic security goals of the agency. </p>\n<p> </p>\n<p><strong>This is a remote position but requires the candidate to work at the federal site in Washington DC at least two days a month so candidates local to the Washington, DC area strongly preferred.</strong></p>\n<p> </p>\n<p><strong>Due to the contract and nature of the work, US Citizenship is required to obtain a Department of Energy security clearance. </strong></p>\n<p> </p>\n<h2>Responsibilities</h2>\n<p> </p>\n<ul>\n <li>Drive the strategic maturation of the agency’s Application Security (AppSec) program by defining security standards, scaling automation, and embedding secure development practices across all product lifecycles.</li>\n <li>Perform SAST assessments using Veracode and GitHub Advanced Security, identifying code-level vulnerabilities and providing remediation guidance.</li>\n <li>Conduct and analyze DAST scans, including configuration, execution, and triage of results.</li>\n <li>Evaluate and prioritize vulnerabilities using industry frameworks such as CVSS, CWE, OWASP Top 10, WASC, and SANS Top 25.</li>\n <li>Collaborate with development, DevOps, and security teams to integrate security controls into CI/CD pipelines and the broader SDLC.</li>\n <li>Provide expert advice on secure coding principles and assist developers in resolving security findings.</li>\n <li>Troubleshoot application and connectivity issues in Linux-based environments.</li>\n <li>Contributes to the design and implementation of enterprise-wide application security controls.</li>\n <li>Ensure alignment with federal security and compliance standards, including NIST 800‑53, FIPS, and FedRAMP.</li>\n <li>Maintain awareness of emerging threats, vulnerabilities, and best practices in application security.</li>\n</ul>\n<h2>Qualifications</h2>\n<ul>\n <li>Experience supporting SAST/DAST environments using Veracode.</li>\n <li>Experience with SCA tools and vulnerability remediation </li>\n <li>Experience leveraging CI/CD deployment methodologies and infrastructure as code (IaC)</li>\n <li>Experience writing playbooks and scripts for automation tools including Terraform, Ansible for IaC</li>\n <li>Demonstrate proficiency with a scripting or coding language, preferably Python.</li>\n <li>Proficiency in automation and scripting, such as PowerShell, Python, Bash, and Terraform.</li>\n <li>Ability to discuss Information Security concepts such as defense in depth and zero trust.</li>\n <li>Demonstrate ability to communicate ideas both verbally and in writing to management, business and IT stakeholders, and technical resources in language that is appropriate for each group.</li>\n <li>Ability to work collaboratively with developers across multiple departments</li>\n <li>Ability to work effectively in a fast-paced, project-oriented environment</li>\n <li>Ability to analyze and prioritize vulnerabilities based on risk</li>\n <li>Strong technical acumen, communication, and influence skills</li>\n <li>Working knowledge of system hardening (CIS, STIGs regulatory compliance)</li>\n <li>Experience working with and supporting Unix/Linux and Windows systems. </li>\n <li>Experience with SCA tools and vulnerability remediation in containers</li>\n <li>Container orchestration and container security experience</li>\n <li>3+ years in application security supporting SAST, DAST, and SCA environments</li>\n <li>3+ years of experience designing and implementing application security controls</li>\n <li>3+ years of experience working in Linux-based environments, including troubleshooting application and connectivity issues.</li>\n <li>Knowledge of federal security and compliance standards (NIST 800-53, FIPS, FedRAMP).</li>\n</ul>\n<p><strong>Preferred Qualifications: </strong></p>\n<ul>\n <li>Experience in securing Azure cloud infrastructure (i.e., inspection, logging, WAF, VM)</li>\n <li>Experience with Azure DevOps</li>\n <li>Practical implementation and architectural experience in encryption techniques, including data at rest and in transit</li>\n <li>Prior experience as a software developer is highly preferred</li>\n</ul>\n<p> </p>\n<p><strong>Requirements:</strong></p>\n<ul>\n <li>Bachelor’s degree in computer science or related fields</li>\n <li>Minimum of 8 years of experience in Information Security or related fields</li>\n <li>CISSP or equivalent (CompTIA Security+, CEH, or DoD equivalent)</li>\n</ul>\n<p><strong> Preferred Certifications:</strong></p>\n<ul>\n <li>ISC2 Certified Information Systems Security Professional (CISSP)</li>\n <li>ISC2 Certified Secure Software Lifecycle Professional (CSSLP)</li>\n <li>GIAC Web Application Penetration Tester (GWAPT)</li>\n <li>Microsoft Azure Security Engineer (AZ‑500)</li>\n <li>HashiCorp Terraform Associate (Infrastructure as Code)</li>\n</ul>\n<p> </p>\n<p><strong>Salary:</strong> $140,000 - $160,000</p>\n<p> </p>\n<p><strong>About Us:</strong></p>\n<p>Edgewater Federal Solutions is a privately held government contracting firm located in Frederick, MD. The company was founded in 2002 with the vision of being highly recognized and admired for supporting customer missions through employee empowerment, exceptional services and timely delivery. Edgewater Federal Solutions is ISO 9001, 20000-1, 270001 certified, appraised at CMMI Level 3 Maturity for Development and Services, and has been named in the Top Workplaces in the Greater Washington Area Small Companies for 2018 through 2025.</p>\n<p> </p>\n<p>It has been and continues to be the policy of Edgewater Federal Solutions to provide equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, national origin, age, disability, marital status, veteran status, and/or other statuses protected by applicable law.status protected by applicable law. </p>\n<p> </p>",
"directApply": true,
"jobLocation": [
{
"@type": "Place",
"address": {
"@type": "PostalAddress",
"postalCode": "20585",
"addressRegion": "DC",
"streetAddress": "UNAVAILABLE",
"addressCountry": "US",
"addressLocality": "Washington",
"postOfficeBoxNumber": "UNAVAILABLE"
}
}
],
"validThrough": "2027-06-18T08:32:22.431Z",
"employmentType": "FULL_TIME",
"jobLocationType": "TELECOMMUTE",
"responsibilities": " \r\n- Drive the strategic maturation of the agency’s Application Security (AppSec) program by defining security standards, scaling automation, and embedding secure development practices across all product lifecycles.\r\n- Perform SAST assessments using Veracode and GitHub Advanced Security, identifying code-level vulnerabilities and providing remediation guidance.\r\n- Conduct and analyze DAST scans, including configuration, execution, and triage of results.\r\n- Evaluate and prioritize vulnerabilities using industry frameworks such as CVSS, CWE, OWASP Top 10, WASC, and SANS Top 25.\r\n- Collaborate with development, DevOps, and security teams to integrate security controls into CI/CD pipelines and the broader SDLC.\r\n- Provide expert advice on secure coding principles and assist developers in resolving security findings.\r\n- Troubleshoot application and connectivity issues in Linux-based environments.\r\n- Contributes to the design and implementation of enterprise-wide application security controls.\r\n- Ensure alignment with federal security and compliance standards, including NIST 800‑53, FIPS, and FedRAMP.\r\n- Maintain awareness of emerging threats, vulnerabilities, and best practices in application security.",
"hiringOrganization": {
"name": "Edgewater Federal Solutions, Inc.",
"@type": "Organization",
"sameAs": "www.edgewaterit.com"
},
"occupationalCategory": "Information Technology"
},
"detail_meta": {
"url": "https://careers-edgewaterit.icims.com/jobs/4623/application-security-engineer/job?in_iframe=1",
"http_status": 200,
"content_type": "text/html;charset=UTF-8",
"response_bytes": 46154,
"compact_response_bytes": 8841,
"original_response_bytes": 46154
},
"sitemap_job": {
"id": "4623",
"url": "https://careers-edgewaterit.icims.com/jobs/4623/application-security-engineer/job",
"slug": "application-security-engineer",
"lastmod": "2026-05-29T15:08:49-04:00"
},
"detail_errors": []
}Get this page with API
Rendered from the bluedoor Job Postings API. Reproduce it:
GET https://api.bluedoor.sh/job-postings/v1/jobs/5a0d20d0634b964d68dabfb0f8c5f76ce74e0734?include=descriptionJSONGET https://api.bluedoor.sh/job-postings/v1/orgs/5cbc1702-45d0-4d5e-9530-547530c47319JSONGET https://api.bluedoor.sh/job-postings/v1/sources/87230910-1a6a-47c4-85c3-bb2b3c46da66JSONGET https://api.bluedoor.sh/job-postings/v1/jobs/5a0d20d0634b964d68dabfb0f8c5f76ce74e0734/eventsJSON