Web Application Security Assessor

We are seeking a highly skilled and innovative Web Application Security Assessor to join our team in the greater DMV area, supporting the Army National Guard.

Responsibilities

Lead defensive web application assessments: plan and execute comprehensive evaluations of enterprise web services from discovery through remediation validation.
• Perform advanced manual testing to validate complex findings (SQL injection, XSS, authentication/authorization flaws, access control issues) beyond automated scans.
• Triage scan outputs, rule out false positives, and prioritize findings by exploitability, impact, and mission risk.
• Provide authoritative remediation guidance: explain root causes, recommend mitigations, and advise secure coding/configuration practices to development and operations teams.
• Coordinate assessment lifecycles with system owners, developers, QA, and cybersecurity stakeholders; validate fixes and retest to confirm closure.
• Analyze enterprise vulnerability trends to identify systemic weaknesses and recommend defensive improvements.
• Produce detailed technical reports, evidence bundles, and executive summaries to support risk management, compliance, and continuous improvement.
• Contribute detection/usecase inputs to detection engineering and SOC teams to improve monitoring of web threats.

#ENOCS

Qualifications

• Minimum of 8 years with BS/BA; Minimum of 6 years with MS/MA; Minimum of 3 years with PhD

• Clearance: Active TS/SCI clearance.

• Candidate must meet ONE of the following:

  • Master's degree or Ph.D. in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, Software Engineering, or a related field; OR
  • Relevant DoD/military training (documented advanced application security or offensive security coursework); OR
  • Relevant professional certification or equivalent experience (examples: CISSPISSEP; ISC2 CSSLP; GIAC GWAPT).

• Required experience and skills:

  • Web application security, penetration testing, or secure development experience with at least 3 years performing advanced web assessments.
  • Expert knowledge of web vulnerabilities (OWASP Top 10), manual testing techniques, authenticated testing, and exploit validation.
  • Handson experience with web testing tools (Burp Suite, ZAP), code review for security, and methods for secure remediation and mitigation.
  • Ability to produce reproducible test evidence, technical remediation guidance, and executivelevel risk summaries.
  • Experience coordinating assessments in production/staging environments and validating fixes under change control.

• Desired:

  • Prior DoD/ARNG web security assessment or application security program experience.
  • Experience integrating findings into detection engineering, WAF tuning, CI/CD security gates, and developer training programs.

#ENOCS

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world's leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can't be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we're keeping people around the world safe and secure.