Job Title: Application Security Tooling Engineer (Senior)
Location: Remote
Clearance Required: Active Secret
Employment Type: Full-Time
Overview
Cornerstone Technology Enterprises is seeking a Senior Application Security Tooling Engineer to support mission-critical cybersecurity operations for our government customer. This senior-level role serves as the technical lead and platform owner for Application Security (AppSec) scanning and tooling, providing hands-on engineering expertise while supervising and mentoring at least one other AppSec professional.
The ideal candidate combines deep mastery of AppSec tooling with leadership experience, operates effectively in secure and compliance-driven environments, and can collaborate across infrastructure, cybersecurity, and DevSecOps teams to support enterprise-level vulnerability management and incident response capabilities.
Key Responsibilities
AppSec Tooling Leadership and Engineering
• Lead the design, deployment, administration, and optimization of AppSec scanning tools, including Sonatype, Fortify, StackRox, and Burp Suite across on-premises and cloud environments.
• Serve as the primary technical authority for AppSec architecture, configuration standards, and operational best practices.
• Perform system upgrades, patching, performance tuning, and advanced troubleshooting for the AppSec toolset.
• Experience with Oracle Cloud Infrastructure is strongly preferred.
Team Leadership and Mentoring
• Supervise, mentor, and provide technical guidance to at least one other AppSec professional.
• Delegate tasks, review work quality, and support the professional development of team members.
• Foster a collaborative, mission-focused team environment aligned with program objectives.
DevSecOps and CI/CD Integration
• Lead the integration of AppSec tools into CI/CD pipelines to support automated security testing and DevSecOps practices.
• Coordinate with development and infrastructure teams to improve vulnerability detection and remediation workflows.
Vulnerability Management and Reporting
• Oversee the identification, analysis, and reporting of application-level vulnerabilities.
• Design and maintain advanced dashboards, alerts, and reports to communicate security posture to stakeholders.
• Support RMF/ATO evidence needs and continuous monitoring activities.
Security and Compliance
• Implement and enforce tool configurations aligned with DoD security policies and compliance standards.
• Apply and maintain applicable STIGs and system hardening guidance.
• Support audit readiness and incident response activities as needed.
Agile Collaboration and Documentation
• Participate in Agile ceremonies, including stand-ups, sprint planning, and retrospectives.
• Use Jira for workflow management, backlog tracking, and documentation.
• Develop and maintain SOPs, runbooks, and technical documentation.
Required Qualifications
• Minimum of 5 years of hands-on Application Security engineering experience.
• Active Secret or Interim Secret clearance.
• DoD 8570 IAT Level II certification (e.g., CompTIA Security+).
• Demonstrated experience leading or mentoring technical team members.
• Strong analytical, troubleshooting, and problem-solving skills.
• Excellent written and verbal communication skills.
Desired Qualifications
• Experience serving as a technical lead or platform owner for AppSec tooling.
• Hands-on experience with Sonatype, Fortify, StackRox, and Burp Suite in production environments.
• Familiarity with Oracle Cloud Infrastructure.
• Experience with CI/CD tools and DevSecOps methodologies.
Why Join Cornerstone?
Cornerstone Technology Enterprises is a veteran-owned small business with deep experience supporting federal and defense missions. Our teams operate inside production environments, supporting systems that matter, while maintaining a culture that values trust, accountability, and technical excellence.
Pay: $140,000.00 - $170,000.00 per year
Benefits:
• 401(k)
• 401(k) matching
• Dental insurance
• Employee discount
• Flexible spending account
• Health insurance
• Health savings account
• Life insurance
• Paid time off
• Retirement plan
• Vision insurance
License/Certification:
• CompTIA Security+ (Required)
Security clearance:
• Secret (Required)
Work Location: Remote