Application Security Onboarding Specialist

About UNIVERSAL Technologies

UNIVERSAL Technologies, LLC is a Women-Owned (M/WBE) IT solutions and consulting company with over 15 years of experience delivering enterprise-grade technology solutions. We partner with public sector and commercial clients to provide high-quality IT services across Development, Business Analysis, Project Management, Cyber Security, Network Engineering, and Systems Architecture. Our mission is to become an extension of our clients teams, delivering impactful and scalable solutions.

What We Offer

• Health, Dental, and Vision Insurance
• Group Life Insurance
• 401(K)
• HSA/FSA options
• Pre-Tax Transportation Program
• Generous PTO and holiday package

Mandatory Skills / Experience

• Minimum of 5 years of experience in Application Security and industry standards such as OWASP and NIST
• Minimum of 5 years of experience in Secure Software Development Life Cycle (SSDLC) practices
• Minimum of 5 years of experience in Threat Modeling and Risk Assessments
• Minimum of 5 years of experience performing application vulnerability scanning (SAST, DAST)
• Minimum of 5 years of experience integrating security into CI/CD pipelines and DevSecOps environments (Azure, Jenkins)
• Minimum of 5 years of experience in API security and access controls (OAuth, SAML, SSO)
• Minimum of 5 years of experience in cloud security
• Minimum of 5 years of experience working in Agile environments and collaborating across cross-functional teams
• Minimum of 5 years of experience in project coordination, stakeholder engagement, and client communication
• Hands-on experience with operating systems and platforms including Windows Server, Linux, IIS, Apache, VMware, and Citrix
• Experience with development technologies including .NET, C#, JavaScript, Python, PowerShell, Shell scripting, and web technologies (HTML, ASP, etc.)
• Hands-on experience with security tools (required): Veracode, IBM AppScan, SD Elements, Burp Suite
• Experience with additional security tools (preferred): Checkmarx, Fortify, Prowler, SonarQube, Snyk, Wireshark, OWASP ZAP, Rapid7, STRIDE

SCOPE OF SERVICES

• Implement a Software Security Assurance process for enterprise applications to ensure compliance with citywide security policies
• Evaluate and scope applications with development teams to determine criticality, data sources, and risk exposure
• Enforce application security requirements across all stages of the SDLC
• Analyze application architectures to identify security gaps across infrastructure and application layers
• Define and enforce standards for firewalls, Web Application Firewalls (WAF), identity management, and multi-factor authentication (MFA)
• Onboard applications to threat modeling tools and vulnerability scanning platforms
• Configure and execute static (SAST) and dynamic (DAST) security scans
• Generate, analyze, and report on application vulnerabilities, providing remediation guidance
• Integrate security controls into CI/CD pipelines to enable continuous security validation
• Collaborate with development, infrastructure, and security teams to ensure secure, compliant, and resilient application environments
• Support ongoing risk management, remediation tracking, and security posture improvement initiatives