Cyber Command Application Security Vulnerability Assessment Engineer

We are looking an Application Security Vulnerability Assessment Engineer to perform technical scanning and testing activities within the Software Security Assurance Program (SSAP). The Engineer will be responsible for identifying, validating, and providing remediation guidance for vulnerabilities across the organization's application portfolio. The primary focus is the operation and fine-tuning of SAST/DAST tooling to provide high-fidelity security baselines, followed by manual validation of results. The Engineer will also provide direct, technical remediation guidance to development teams and lead structured knowledge transfer sessions to train full-time staff.TASKS:Operate and maintain industry-standard SAST/DAST tooling, including HCL AppScan, Veracode, and Burp Suite, to ensure continuous security coverage.Scope application assessments by identifying all critical components and APIs required to establish a comprehensive security baseline.Configure and fine-tune scan profiles and parameters to eliminate noise, reduce false positives, and ensure repeatable, high-fidelity results.Manage the full lifecycle of authenticated and unauthenticated scans, including the coordination of application profiles, security profiles, and automated schedules.Validate automated scanner findings through manual testing and exploit reproduction to confirm technical impact.Document false positives with detailed root-cause analysis and technical justification for audit trails.Identify recurring vulnerability patterns and systemic architectural weaknesses across application portfolios.Generate defensible vulnerability reports that include step-by-step evidence for engineering teams and high-level summaries for management.Prioritize remediation efforts by correlating technical severity with business criticality and data sensitivity.Partner with development teams to translate complex security findings into clear, actionable technical requirements that can be easily ingested into their remediation workflows.Prescribe specific coding guidance and design-level mitigations to resolve identified vulnerabilities.Implement compensating controls when direct remediation is not technically feasible or requires long-term architectural changes.Lead working sessions and technical walkthroughs to assist developers in accelerating the "time-to-fix.Lead structured knowledge transfer sessions to train full-time staff on assessment methodologies and security best practices.MANDATORY SKILLS/EXPERIENCE:Minimum of 12 years of hands-on experience in Application Security, Vulnerability Assessments, or Penetration Testing.Advanced proficiency in applying OWASP Top 10 and NIST 800-53 standards.Practical experience operating and configuring SAST/DAST tools (e.g. AppScan, Veracode, Burp Suite).Proven ability to explain technical vulnerabilities to developers and provide specific, design-level remediation guidance.Proficiency in using CVSS (Common Vulnerability Scoring System) to correlate technical severity with business impact and data sensitivity.DESIRABLE SKILLS/EXPERIENCE:Experience testing cloud-native apps (AWS/Azure/GCP), APIs, and microservices.Strong understanding of Agile/SDLC cycles to effectively coordinate with developers and project managers.Proficiency in manual, testing to validate automated findings and identify complex business logic flaws.Background working with large, complex organizations or government/public sector environments.