DMI is a leading provider of digital services and technology solutions, headquartered in Tysons Corner, VA. With a focus on end-to-end managed IT services, including managed mobility, cloud, cybersecurity, network operations, and application development, DMI supports public sector agencies and commercial enterprises around the globe. Recognized as a Top Workplace, DMI is committed to delivering secure, efficient, and cost-effective solutions that drive measurable results.
Web Developer Security Engineer
Location
United States
Posted
20 hours ago
Salary
0
Seniority
Mid Level
Job Description
Web Developer Security Engineer
DMI
Role Description DMI is seeking a Web Developer Security Engineer to embed security throughout the software development lifecycle for a federal agency client. In this role, you will identify and remediate vulnerabilities in web applications and APIs, integrate security controls into application architectures, and support compliance with federal cybersecurity frameworks — functioning at the intersection of development and security. - Identify, analyze, and remediate critical vulnerabilities, logic flaws, insecure dependencies, and misconfigurations in web applications and APIs. - Drive end-to-end vulnerability lifecycle management, including threat modeling, security assessments, and technical validation of remediation. - Integrate security controls into application architectures and APIs; advise on secure design patterns and data protection mechanisms. - Review and analyze web server and application logs to detect anomalies and indicators of compromise; implement threat intelligence automation. - Deploy, tune, and maintain Web Application Firewalls (WAF) tailored to custom-developed applications and traffic patterns. - Configure and manage File Integrity Monitoring (FIM) solutions to detect and alert on unauthorized changes to web content directories. - Implement DevSecOps principles throughout the CI/CD pipeline; develop security metrics and compliance reporting against established baselines. - Ensure web applications and cloud infrastructure comply with NIST SP 800-53, FISMA, and FedRAMP requirements; participate in audits and risk assessments. - Provide Tier II support for security operations and recommend ongoing security enhancements. Qualifications - Bachelor's degree or higher in Computer Science, Cybersecurity, Information Systems, Engineering, or a related field. - Minimum 3 years of experience in Web Application Security, Application Security Engineering (AppSec), or SSDLC. - Proficiency in .NET (C# MVC, WCF), HTML5, CSS3, JavaScript, REST APIs, and SQL. - Strong understanding of OWASP Top 10 and secure coding standards. - Experience deploying and managing WAF solutions for custom-developed web applications. - Experience configuring FIM solutions for web content and application directories. - Familiarity with security testing tools, including Wireshark, SIEM, IDS/IPS, NDR, and EDR. - Ability to leverage AI-assisted development tools (e.g., GitHub Copilot, OpenAI API) for security automation and compliance auditing. - Experience implementing DevSecOps principles, including security gate integration in CI/CD pipelines. - Active security certifications across AppSec, offensive security, and foundational security domains, maintained for a minimum of 5 years. Requirements - In-depth experience with federal cybersecurity frameworks, including NIST SP 800-53, FISMA, and FedRAMP authorization processes. - Proven background in threat modeling, risk assessment, and security architecture design. - Advanced experience with CI/CD pipeline security gate automation. - Cloud security experience with AWS and container security (Docker, Kubernetes). Clearance Requirements - Must possess or be eligible to obtain and complete a government security screening and/or a Secret security clearance. Citizenship Status Required - Must be a U.S. Citizen. Physical Requirements - None required for this position. Location - Remote, US. Benefits - Convenience/Concierge: Virtual health visits, commuter perks, pet insurance, and entertainment discounts that make life easier. - Development: Annual performance reviews, tuition assistance, and internal career growth opportunities to help you thrive. - Financial: Generous 401(k) matches, life and disability insurance, and financial wellness tools to support your future. - Recognition: Annual awards, service anniversaries, referral bonuses, and peer-to-peer shoutouts that spotlight your achievements. - Wellness: Healthcare coverage, wellness programs, flu shots, and biometric screenings to support your health.
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
Cybersecurity Account Executive – Commercial
CiscoWe securely connect everything to make anything possible.
• enhance security resilience for our customers and communities • build strong executive and internal relationships through strategic vision • seek opportunities to showcase Cisco's comprehensive security portfolio • develop and lead security account plans and strategies for each assigned region • drive double-digit revenue growth by identifying new projects • accurately forecast and report activities in line with expectations using Salesforce and Clari • identify major projects within your accounts to improve product and services revenue
Role Description The DevSecOps Evangelist is the cultural and educational force behind this platform's engineering standards. Where the DevSecOps Engineers build and operate the pipelines, you make sure every engineer across every team understands, embraces, and actively applies the practices those pipelines enforce. You sit across all five delivery lanes — Architect, Develop, Secure, Ship, and Support — and your mandate is to make DevSecOps the instinct, not the instruction. This is a critical, cross-functional role for someone who is as technically credible as they are compelling. What You'll Do - Culture & Strategy: Own the platform's DevSecOps culture programme — defining what engineering excellence looks like across security, quality, automation, and delivery speed, and building the strategy to embed it across every team. - Education & Enablement: Design and deliver a continuous engineering enablement programme — including workshops, onboarding sessions, lunch-and-learns, and hands-on labs. - Standards Stewardship: Own the platform's DevSecOps standards documentation — maintaining it as a living, accessible, and authoritative reference for how engineering is done on this platform. - Pipeline & Tooling Adoption: Drive active adoption of the platform's CI/CD tooling, security gates, AI-powered code review and testing agents, and developer environment standards across all engineering teams and contributors. - Shift-Left Security Advocacy: Champion the principle that security is everyone's responsibility and belongs at the beginning of every development conversation — not the end. - DORA Metrics & Maturity Tracking: Track, baseline, and report on DevSecOps adoption and engineering maturity across the platform — using DORA metrics and qualitative signals from team engagement. - Community of Practice: Build and run a DevSecOps community of practice across the engineering organisation — creating forums, rituals, and channels for engineers to share learnings and celebrate wins. - Innovation & Emerging Practices: Continuously track the evolving DevSecOps landscape — including AI-assisted development tools and emerging pipeline security standards. - Cross-functional Influence: Operate across all five delivery lanes — building trust and credibility with every team on the platform. - Executive Reporting: Report regularly to the Platform Manager on the state of DevSecOps adoption, culture programme progress, and areas of concern. Qualifications - 5+ years of experience in software engineering or DevSecOps. - Proven experience driving engineering culture change in a large, complex organisation. - Deep familiarity with CI/CD pipelines and DevSecOps tooling. - Strong working knowledge of shift-left security principles and the tooling that enforces them. - Excellent communication, facilitation, and teaching skills. - Hands-on experience with Infrastructure as Code, containerisation, and cloud-native development practices. Requirements - Experience with DORA metrics, DevOps maturity models, or engineering effectiveness frameworks. - Familiarity with AI-assisted development and testing tools. - Public presence in the DevSecOps or engineering community. - Experience in fintech, banking, or a regulated environment. - AWS and/or Microsoft Azure certification. Benefits - Impactful work — you'll shape the engineering culture of a platform built to serve hundreds of millions of Africans. - World-class team — you'll work alongside engineers, architects, and security specialists from top organisations. - Modern ways of working — security-first, fully automated, IaC-driven, and built on a dual-cloud foundation. - Lagos, Nigeria — based at our Lagos office, at the heart of Africa's most dynamic technology ecosystem. How to Apply To apply, please use the link provided in the job posting. Applications are managed through our recruitment platform and reviewed on a rolling basis.
Role Description As Senior Network & Security Engineer, you will design, build, and operate the network and security architecture that keeps this platform private, resilient, and impenetrable. You will own the platform's private cloud networking, zero-trust enforcement, perimeter security controls, and network-level threat monitoring. What You'll Do - Network Architecture: - Design and own the platform's end-to-end network architecture. - Define topology, segmentation model, and connectivity principles. - Translate architectural decisions into a clean, scalable IP addressing strategy. - Document all architecture decisions and reflect them in version-controlled infrastructure code. - Network Engineering: - Own the hands-on engineering and operation of the platform's network infrastructure. - Write clean, well-structured, peer-reviewed code using Terraform, Ansible, and Bash. - Integrate network security checks into CI/CD pipelines. - Zero Trust Enforcement: - Implement and enforce zero-trust principles across the entire platform. - Continuously identify and close trust gaps across all environments. - Perimeter & Firewall Security: - Own and operate the platform's security boundaries. - Define firewall and NSG rules exclusively via Infrastructure as Code. - Cloud Network Security & Encryption: - Configure and maintain cloud-native network security controls across AWS and Azure. - Enforce TLS 1.2+ across all services and connections in transit. - Hybrid & Site-to-Site Connectivity: - Design, implement, and maintain highly available, redundant connectivity. - Ensure failover paths are in place, tested, and documented. - VPN & Admin Access Controls: - Design and operate the platform's JumpNet and VPN infrastructure. - Enforce MFA on all VPN access. - Global Traffic Management: - Design and operate the platform's global traffic management layer. - Implement and maintain AWS Route 53 and Azure Traffic Manager. - Threat Detection & Network Monitoring: - Design, implement, and operate the platform's centralized network monitoring and threat detection infrastructure. - Ensure all network telemetry feeds into the SIEM. - Incident Response: - Act as the first responder for network-level security incidents. - Contribute to the platform's Incident Response Plan. - Documentation & Asset Management: - Maintain accurate, up-to-date network design documentation. - Own a centralized, version-controlled inventory of all core network assets. Qualifications - 5+ years of hands-on network and security engineering experience in a cloud-native production environment. - Expert-level knowledge of cloud networking on AWS and/or Azure. - Hands-on experience with perimeter security tooling. - Strong working knowledge of zero-trust architecture. - Proven experience with network threat detection and monitoring. - Expert-level knowledge of routing and switching protocols. - Hands-on experience configuring and managing enterprise firewall and core switching platforms. - Solid Infrastructure as Code skills. - Active CCNP Security or CCNP Enterprise certification. Requirements - Fortinet NSE 4 or NSE 5 certification. - AWS Certified Security – Specialty and/or Microsoft Certified: Azure Network Engineer Associate. - Experience with container network security. - Hands-on experience with network security in regulated financial services environments. - Familiarity with SIEM platforms. Benefits - Impactful work — you'll own the network security layer of a platform built to serve hundreds of millions of Africans. - World-class team — you'll work alongside engineers, security specialists, and architects from some of the best organisations. - Modern ways of working — IaC-first, zero-trust by design, and built on a dual-cloud foundation. - Lagos, Nigeria — based at our Lagos office, at the heart of Africa's most dynamic technology ecosystem. How to Apply To apply, please use the link provided in the job posting. Applications are managed through our recruitment platform and reviewed on a rolling basis.
Role Description Wir suchen einen ambitionierten und engagierten (Senior) Special Sales Cybersecurity (m/w/d) - bundesweit. Als (Senior) Special Sales Cybersecurity (m/w/d) übernimmst Du eine Schlüsselrolle im Tech-Vertrieb. Du erkennst Chancen im Markt, gewinnst neue Kunden und entwickelst bestehende Accounts strategisch weiter – mit Fokus auf Cisco Security-Lösungen. Dabei arbeitest Du eng mit unseren Account-Teams, Cisco sowie unseren Consulting- und Delivery-Einheiten zusammen. Deine Mission: unsere Kunden nicht nur sicherer zu machen, sondern ihnen ermöglichen, neue Potenziale zu erschließen und zu wachsen. Diese Position verbindet strategischen Vertrieb mit echter Verantwortung – und bietet Dir vielfältige Entwicklungsperspektiven in einem internationalen Umfeld. - Du gewinnst Neukunden und entwickelst Bestandskunden strategisch weiter – mit klarem Fokus auf Cybersecurity und Services. - Du positionierst gezielt unsere NTT DATA Security Services mit Cisco-Technologien wie z. B.: Secure Firewall, Universal ZTNA, Hybrid Mesh Firewall, Identity & Access, XDR/Splunk, Hypershield. - Du steuerst den gesamten Sales-Prozess – von der Bedarfsanalyse bis zum Abschluss. - Du begleitest Kunden als Trusted Advisor und übersetzt Business- und IT-Anforderungen in konkrete Security-Strategien. - Du entwickelst Go-to-Market-Kampagnen und bearbeitest den Markt proaktiv. - Du arbeitest eng mit Cisco und internen Teams zusammen, um maßgeschneiderte Lösungen zu entwickeln. - Du repräsentierst NTT DATA bei Webinaren, Kunden-Workshops und Events. - Du sorgst für eine reibungslose Übergabe an die Delivery und legst die Basis für Renewals und Upselling. Qualifications - Du bringst mehrjährige Erfahrung im Vertrieb von IT- oder Cybersecurity-Lösungen mit, idealerweise mit Cisco Security. - Du blickst auf Erfolge im Auf- und Ausbau von Kundenbeziehungen sowie im Abschluss komplexer Deals. - Du hast Verständnis von aktuellen Security-Trends wie Zero Trust, Cloud Security, AI-Defense und Resilienz. - Du bringst eine starke Kommunikations- und Beratungskompetenz mit technischen und geschäftlichen Stakeholdern (IT-Leitung, CISO, Einkauf) mit. - Du hast eine Hunter-Mentalität, bietest Eigeninitiative und eine strukturierte, zielorientierte Arbeitsweise. - Must have: Sehr gute Deutsch- und Englischkenntnisse. Mit Wohnsitz in Deutschland. Requirements - Abgeschlossenes Studium (Wirtschaft, IT oder vergleichbar) oder gleichwertige Berufserfahrung. - Zertifizierungen im Bereich Solution Selling, SPIN oder vergleichbare Sales-Methoden sind von Vorteil. - Cisco- oder andere relevante Security-Zertifizierungen sind wünschenswert. Benefits - Gestalte aktiv die gemeinsame Wachstumsstrategie von NTT DATA und Cisco im Bereich Security mit. - Arbeite in einer starken Partnerschaft – Cisco-Technologien kombiniert mit den Services und der Kundenbasis von NTT DATA. - Übernimm eine Schlüsselrolle dabei, Kunden sicherer, widerstandsfähiger und zukunftsfähiger zu machen. - Internationale Entwicklungschancen, erfolgsabhängige Boni und eine attraktive Vergütung.
