Security Specialist​/Application Security Lead

Are you looking for your next challenge? Are you ready to work with a performance-based small company? At Zantech, we are a dynamic Woman Owned Small Business focused on providing complex, mission-focused solutions with a proven track record of outstanding customer performance and high employee satisfaction. We would love to talk with you regarding the next step in your career. Come join our team!

Zantech is looking for a talented Security Specialist / Application Security Lead to contribute to the success of our upcoming Applied and Emerging Technology Support project for a Hybrid role based out of Camp Springs, MD.

The Security Specialist / Application Security Lead provides expert application security leadership, ensuring secure software delivery through integrated security controls, vulnerability management, and Zero Trust architecture implementation. This role leads Security Engineers and Security Champions in embedding security throughout the software development lifecycle and collaborates with the Dev Sec Ops  Lead to implement automated security testing in CI/CD pipelines.

• Establish and maintain application security standards and best practices for USCIS OIT
• Define security controls and gates for integration within CI/CD pipelines
• Design Zero Trust architecture implementations covering identity, workload, network, and data protection

• Lead integration of SAST and DAST tools
• Implement container security scanning and vulnerability management (Aqua Security, Snyk)
• Establish Infrastructure as Code (IaC) security scanning and policy enforcement
• Integrate secrets management (Hashi Corp Vault) and secure credential handling

• Identify threats and measure potential vulnerabilities in systems, applications, and services
• Conduct security assessments and coordinate penetration testing
• Track vulnerability remediation SLAs and metrics

• Implement Zero Trust principles across Applications and Workloads realm
• Design and validate identity-based access controls (Okta, AWS IAM)
• Establish micro‑segmentation and workload isolation patterns

• Implement policy-as-code using Open Policy Agent (OPA)
• Automate enforcement of security and compliance controls
• Support ATO/Continuous Authorization processes with automated security control validation

• Minimum 10 years of IT engineering experience
• Minimum 5 years in Dev Sec Ops , Dev Ops, or Platform Engineering roles
• Minimum 3 years of federal government experience, preferably DHS or civilian agencies
• Demonstrated experience designing and implementing enterprise CI/CD solutions
• Experience with cloud-native application development and deployment
• Track record of successful Dev Sec Ops  transformations in complex enterprise environments

• Expert-level knowledge of CI/CD tools (Jenkins, Git Lab CI/CD, Git Hub Actions, or similar)
• Deep expertise with container orchestration platforms (Kubernetes, Open Shift, EKS, ECS)
• Advanced proficiency with Infrastructure-as-Code tools (Terraform, Cloud Formation, Ansible)
• Strong scripting abilities (Python, Bash, Power Shell, Go)
• Extensive experience with AWS cloud services (EC2, S3, Lambda, RDS, VPC, IAM, etc.)
• Expert knowledge of Git workflows and version control strategies
• Proficiency with security scanning tools (Sonar Qube, Veracode, Checkmarx, Twistlock, Aqua)
• Experience with monitoring and observability tools (Prometheus, Grafana, ELK Stack, Datadog, Splunk)

• Experience with service mesh technologies (Istio, Linkerd)
• Knowledge of policy-as-code tools (OPA, Kyverno, Sentinel)
• Familiarity with Backstage.io (especially relevant for USCIS Backstage)
• Experience with API gateway and management solutions
• Knowledge of secrets management tools (Vault, AWS Secrets Manager)
• Understanding of software bill of materials (SBOM) and supply chain security

• Understanding of Zero Trust Architecture principles and implementation
• Knowledge of FedRAMP, FISMA, and NIST…