Application Security Tooling Engineer (Senior) – SECRET CLEARANCE REQUIRED – 100% Remote (EST hours
Job Title: Application Security Tooling Administrator (Journeyman)
Location: Remote
Clearance Required: Active Secret
Employment Type: Full-Time
Overview
Cornerstone Technology Enterprises is seeking a Journeyman Application Security Tooling Administrator to support cybersecurity operations for our government customer. In this role, you will help design, operate, and continuously improve the defense agency’s application security (AppSec) scanning ecosystem throughout the software development life cycle (SDLC).
The ideal candidate is comfortable operating multiple AppSec tools in regulated environments and can collaborate across infrastructure and DevSecOps teams to ensure scalable, mission-ready security controls.
Key Responsibilities
AppSec Tooling Operations
• Platform Ownership: Deploy, configure, harden, and maintain AppSec tools, including Sonatype, Fortify, StackRox, and Burp Suite across on-premises and cloud environments.
• Maintenance: Manage system upgrades, plugins, licensing, capacity planning, and disaster recovery procedures.
• Performance: Establish SLAs/SLOs, monitoring, and operational runbooks to ensure tool health.
• Cloud Support: Experience with Oracle Cloud Infrastructure is strongly preferred to support secure-by-default cloud workflows.
DevSecOps and CI/CD Integration
• Integrate security tools into CI/CD pipelines (e.g., Jenkins, GitLab CI) with policy-based gating.
• Standardize developer workflows, including pull request checks and release readiness criteria.
Security Policy and Governance
• Tune scanning policies (severity thresholds, allowlists, quality gates) to align with agency standards and reduce false positives.
• Maintain auditable vulnerability management workflows, including triage and remediation SLA tracking.
Vulnerability Triage and Remediation
• Partner with engineering teams to remediate security issues in code, dependencies, and container images.
• Coordinate retesting and verify fixes using targeted validation.
Reporting and Compliance
• Produce metrics and dashboards tracking vulnerability trends and pipeline pass rates.
• Support Risk Management Framework (RMF) and Authority to Operate (ATO) requirements through scan outputs and control mappings.
Required Qualifications
• Experience: 3+ years in application security engineering or DevSecOps in regulated environments.
• Clearance: Active Secret or Interim Secret clearance.
• Certification: DoD 8570 IAT Level II (e.g., Security+).
• Technical Skills: Hands-on administration of Sonatype (Nexus IQ/Lifecycle), Fortify (SCA/SSC), StackRox/Red Hat ACS, and Burp Suite.
• Tooling: Strong automation and CI/CD integration skills.
• Knowledge: Deep understanding of Secure SDLC, OWASP Top 10, container security, and Linux administration.
Desired Qualifications
• Familiarity with registries and orchestration (Harbor, Artifactory, Kubernetes, Helm).
• Experience with SIEM/SOAR and ticketing tools like Splunk, ServiceNow, or Jira.
• Advanced certifications such as CISSP, CSSLP, or specialized Kubernetes security certs.
Why Join Cornerstone?
Cornerstone Technology Enterprises is a veteran-owned small business with deep experience supporting federal and defense missions. Our teams operate inside production environments, supporting systems that matter, while maintaining a culture that values trust, accountability, and technical excellence.
Pay: $115,000.00 - $135,000.00 per year
Benefits:
• 401(k)
• 401(k) matching
• Dental insurance
• Employee discount
• Flexible spending account
• Health insurance
• Health savings account
• Life insurance
• Paid time off
• Retirement plan
• Vision insurance
License/Certification:
• CompTIA Security+ (Required)
Security clearance:
• Secret (Required)
Work Location: Remote
Apply Now
Apply Now
Location: Remote
Clearance Required: Active Secret
Employment Type: Full-Time
Overview
Cornerstone Technology Enterprises is seeking a Journeyman Application Security Tooling Administrator to support cybersecurity operations for our government customer. In this role, you will help design, operate, and continuously improve the defense agency’s application security (AppSec) scanning ecosystem throughout the software development life cycle (SDLC).
The ideal candidate is comfortable operating multiple AppSec tools in regulated environments and can collaborate across infrastructure and DevSecOps teams to ensure scalable, mission-ready security controls.
Key Responsibilities
AppSec Tooling Operations
• Platform Ownership: Deploy, configure, harden, and maintain AppSec tools, including Sonatype, Fortify, StackRox, and Burp Suite across on-premises and cloud environments.
• Maintenance: Manage system upgrades, plugins, licensing, capacity planning, and disaster recovery procedures.
• Performance: Establish SLAs/SLOs, monitoring, and operational runbooks to ensure tool health.
• Cloud Support: Experience with Oracle Cloud Infrastructure is strongly preferred to support secure-by-default cloud workflows.
DevSecOps and CI/CD Integration
• Integrate security tools into CI/CD pipelines (e.g., Jenkins, GitLab CI) with policy-based gating.
• Standardize developer workflows, including pull request checks and release readiness criteria.
Security Policy and Governance
• Tune scanning policies (severity thresholds, allowlists, quality gates) to align with agency standards and reduce false positives.
• Maintain auditable vulnerability management workflows, including triage and remediation SLA tracking.
Vulnerability Triage and Remediation
• Partner with engineering teams to remediate security issues in code, dependencies, and container images.
• Coordinate retesting and verify fixes using targeted validation.
Reporting and Compliance
• Produce metrics and dashboards tracking vulnerability trends and pipeline pass rates.
• Support Risk Management Framework (RMF) and Authority to Operate (ATO) requirements through scan outputs and control mappings.
Required Qualifications
• Experience: 3+ years in application security engineering or DevSecOps in regulated environments.
• Clearance: Active Secret or Interim Secret clearance.
• Certification: DoD 8570 IAT Level II (e.g., Security+).
• Technical Skills: Hands-on administration of Sonatype (Nexus IQ/Lifecycle), Fortify (SCA/SSC), StackRox/Red Hat ACS, and Burp Suite.
• Tooling: Strong automation and CI/CD integration skills.
• Knowledge: Deep understanding of Secure SDLC, OWASP Top 10, container security, and Linux administration.
Desired Qualifications
• Familiarity with registries and orchestration (Harbor, Artifactory, Kubernetes, Helm).
• Experience with SIEM/SOAR and ticketing tools like Splunk, ServiceNow, or Jira.
• Advanced certifications such as CISSP, CSSLP, or specialized Kubernetes security certs.
Why Join Cornerstone?
Cornerstone Technology Enterprises is a veteran-owned small business with deep experience supporting federal and defense missions. Our teams operate inside production environments, supporting systems that matter, while maintaining a culture that values trust, accountability, and technical excellence.
Pay: $115,000.00 - $135,000.00 per year
Benefits:
• 401(k)
• 401(k) matching
• Dental insurance
• Employee discount
• Flexible spending account
• Health insurance
• Health savings account
• Life insurance
• Paid time off
• Retirement plan
• Vision insurance
License/Certification:
• CompTIA Security+ (Required)
Security clearance:
• Secret (Required)
Work Location: Remote
Apply Now
Apply Now