HHS - Application Security Engineer

cFocus Software seeks a Application Security Engineer to join our program supporting the Department of Health and Human Services (HHS) This position is remote. This position requires the ability a Public Trust clearance. Qualifications:

• Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, or related field.
• 5+ years of experience in application security or secure software development.
• Hands-on experience with SAST/DAST tools, dependency scanning, and code review.
• Knowledge of OWASP Top 10, secure coding practices, and vulnerability remediation.
• Experience supporting DevSecOps and CI/CD security integration.
• Familiarity with federal security standards (NIST SP 800-53, RMF, FISMA).
• Strong written and verbal communication skills.
• CSSLP, GWAPT, CEH, or equivalent (preferred)
• AWS/Azure security certifications (preferred)

Duties:  

• Conduct application security assessments including SAST, DAST, SCA, SBOM analysis, and secure code reviews.
• Analyze vulnerability scan results and determine applicability, severity, and business risk.
• Provide remediation guidance to developers based on secure coding standards (OWASP, NIST, HHS guidance).
• Support integration of automated security testing within CI/CD pipelines.
• Perform API security testing including authentication, authorization, and endpoint validation.
• Validate remediation through follow-up testing and evidence review.
• Support penetration testing activities related to application and web services.
• Maintain application security documentation, reports, and dashboards.
• Support zero-day and KEV-based vulnerability response activities.
• Coordinate with ISSOs, system owners, and developers to ensure vulnerabilities are tracked and remediated within SLA.