Support Army SEAP program by performing web application scanning, manual application security testing, and producing detailed findings and risk analysis. Integrate static/dynamic assessments into secure SDLCs, assist with RMF/DoD security processes, coordinate with IT teams, and maintain deliverable schedules using SharePoint and collaboration tools.
Location: Remote
Required Clearance: SECRET
Required Certification(s): DoD 8570.01-M IAT II
Required Education: Bachelor’s degree in Information Technology, Computer Science, or related field. Substantial experience in lieu of degree may be considered.
Required Experience: 2+ years of related experience
Position Description:
PingWind is seeking a Cybersecurity Application Security Analyst to support the U.S. Army.
Primary Responsibilities:
•Reports to the SEAP Cyber team manager
• Support the SEAP Program (SUSTAINMENT TO EXISTING APPLICATIONS PORTFOLIO).
• Perform web application scanning & application security assessments.
• Perform manual application testing to identify vulnerabilities or deviations from software standards.
• Provide timely and detailed reports, with proofs of findings and analysis of risk.
• Assist with integration of static & dynamic web application assessments into secure SLDC lifecycles
• Use SharePoint and other collaboration tools to collect, monitor, and manipulate C&A documentation through the collection, review, approval, and final distribution processes.
• Supports the SEAP Program and related teams in areas of Risk Management Framework (RMF) for DoD IT, DoD/Army Regulations, Incident Response, Software Assurance, and related Cyber disciplines.
• Work closely with representatives from other divisions and branches (IT, Networking, etc.) to request information, provide clarification, and validate findings, evidence, and POA&M statements.
• Maintain and meet deliverable schedules. Must be proactive in obtaining information from multiple internal and external teams to complete requirements on schedule.
• Additional details of positions will be provided to qualified applicants.
Required Skills:
• Development background is required.
• Microsoft .NET or Java development experience required. Microsoft .NET is preferred.
• Knowledge of SDLC methodologies.
• Intermediate to advanced knowledge of secure code development practices and OWASP Top 10 web application security issues.
• Web services development and design with integrated security engineering experience.
• Requires excellent English verbal and writing skills including report generation, presentations, and technical writing.
• Highly organized with the ability to independently maintain schedules and meet deadlines.
Desired Skills:
• Experience with supporting assessment of IT systems compliance with Federal IT Security standards. (NIST 800-53, FISMA, etc.)
• 3-7 years of web application development related work experience.
• Experience performing manual and automated code review and penetration tests for complex applications.
• Experience with static code scanning tools (Fortify, AppScan, etc.)
• Experience with dynamic analysis tools (Burp, Zaprozy, SQLMap, BeEF, DAVtest, dirb, fierce, curl, hping, etc.)
• Technical understanding of database, web server, and operating system security as well as application security in leading cloud platforms.
• Knowledge of security systems and controls, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc.
• Understanding of data handling privacy standards to include PII and PHI.
• Familiarity with DISA application security related Security Technical Implementation Guides (STIGs) and RMF implementation.
• Veterans with prior Army/DoD Cybersecurity experience highly desired.
Required Qualifications:
• Minimum 2 years’ relevant experience.
• Bachelor’s degree in Information Technology, Computer Science, or related field. Substantial experience in lieu of degree may be considered.
• Current DoD 8570.01-M Information Assurance Technical IAT Level II (IAT II) baseline certification, such as Security+ CE. Uncertified candidates cannot be considered.
• Experience with static code scanning tools (Fortify, AppScan, etc.)
• U.S. citizen with active DoD SECRET level security clearance. Uncleared candidates cannot be considered.
Desired Qualifications:
• Certified Application Security Engineer (CASE), Certified Secure Software Lifecycle Professional (CSSLP), or similar certification.
• Higher level DoD 8570 IAT-III/IAM certifications (i.e. CISSP, CASP, etc.)
About Pingwind
PingWind is focused on delivering outstanding services to the federal government. We have extensive experience in the fields of cybersecurity, development, IT infrastructure, supply chain management and other professional services such as system design and continuous improvement. PingWind is a VA CVE certified Service-Disabled Veteran-Owned Small Business (SDVOSB) and SBA HUBZone Certified with offices in Washington DC and Northern Virginia. www.PingWind.com
Our benefits include:
· Eleven Federal Holidays
· Paid Time Off accrued each pay period
· Parental Leave
· Three medical plan choices with generous employer contribution
· Dental and Vision Insurance
· Company paid Short-Term and Long-Term Disability
· Company paid Life and AD&D Insurance
· 401k with competitive matching and vesting schedule
· Continuing education assistance
· Short Term / Long Term Disability & Life Insurance
· Medical, Dependent Care and Commuter Flexible Spending Accounts
· Employee Assistance Program
· Wellness benefits include Calm Health app and WellHub gym subsidy (formerly GymPass)
· 529 College Savings Plan
· Legal Insurance
· Pet Insurance
Veterans are encouraged to apply
PingWind, Inc. does not discriminate in employment opportunities, terms, and conditions of employment, or practices on the basis of race, age, gender, religious or political beliefs, national origin or heritage, disability, sexual orientation, or any characteristic protected by law.
Top Skills
Java
Microsoft .Net
Owasp Top 10
Sdlc
Sharepoint
Web Services
Similar Jobs
Automotive • Big Data • Information Technology • Robotics • Software • Transportation • Manufacturing
The Sr. HR Reporting Analyst will provide reporting support, develop Workday reports and dashboards, and manage stakeholder requests, ensuring solutions align with HR and business needs.
Top Skills:
Power BIPythonRSQLWorkday
Automotive • Big Data • Information Technology • Robotics • Software • Transportation • Manufacturing
The role involves leading performance engineering for GM Motorsports, focusing on vehicle dynamics, simulation, and improving on-track performance through collaboration and testing.
Top Skills:
AdamsAIAtlasC#DymolaMatlabMlModelicaMotecPi ToolboxPythonSimulation ToolsWindarab
Automotive • Big Data • Information Technology • Robotics • Software • Transportation • Manufacturing
The Senior Business Planner will manage organizational communications, enhance employee engagement, and drive operational excellence within Cybersecurity, IT, and Data Engineering, collaborating with senior executives and various stakeholders.
Top Skills:
ConfluenceSharepointSlack
What you need to know about the Colorado Tech Scene
With a business-friendly climate and research universities like CU Boulder and Colorado State, Colorado has made a name for itself as a startup ecosystem. The state boasts a skilled workforce and high quality of life thanks to its affordable housing, vibrant cultural scene and unparalleled opportunities for outdoor recreation. Colorado is also home to the National Renewable Energy Laboratory, helping cement its status as a hub for renewable energy innovation.
Key Facts About Colorado Tech
- Number of Tech Workers: 260,000; 8.5% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Lockheed Martin, Century Link, Comcast, BAE Systems, Level 3
- Key Industries: Software, artificial intelligence, aerospace, e-commerce, fintech, healthtech
- Funding Landscape: $4.9 billion in VC funding in 2024 (Pitchbook)
- Notable Investors: Access Venture Partners, Ridgeline Ventures, Techstars, Blackhorn Ventures
- Research Centers and Universities: Colorado School of Mines, University of Colorado Boulder, University of Denver, Colorado State University, Mesa Laboratory, Space Science Institute, National Center for Atmospheric Research, National Renewable Energy Laboratory, Gottlieb Institute
