Application Security Tooling Admin [Journeyman] (Remote)

Title: Application Security Tooling Admin (Journeyman)

Location: Remote

• About iWorks:  iWorks Corporation, founded in 2005, is a leading provider of information technology and professional services to the federal government. We are a recognized leader in personnel security and vetting solutions, Agile, DevOps, DevSecOps, data analytics, and cloud solutions. Our continuous process improvement approach, combined with our business and technology expertise, results in innovative solutions.  

  We offer exceptional comprehensive benefits (Medical, Dental, Vision, Life and Disability); 401(k); Health and Wellness Benefits; and Paid Sick Time, Vacation Time, and Holiday Time. You're eligible for bonuses throughout the year as part of our incentive program for innovation and business development. All employees are also considered for an annual raise, commensurate with performance and company commitment.  

  About this position: iWorks is seeking an Application Security Tooling Administrator to design, operate, and continuously improve a defense agency's application security (AppSec) scanning ecosystem across the software development life cycle (SDLC). This role will support Sonatype, Fortify, StackRox/Red Hat ACS, and Burp Suite tooling, integrating them into CI/CD pipelines and ensuring auditable, mission-ready security controls in regulated environments.

  Salary Range: $110,000 – $135,000 - commensurate with the candidate's skills, experience, location, and qualifications. 

On a day-to-day basis, you will

• Deploy, configure, harden, and maintain Sonatype, Fortify, StackRox/Red Hat ACS, and Burp Suite in on-prem and cloud environments, including Oracle Cloud.
• Manage tool upgrades, plugins, licensing, backup/restore, high availability, and disaster recovery.
• Integrate AppSec tools into CI/CD pipelines (Jenkins, GitLab CI, etc.) with policy-based gating.
• Standardize developer workflows with secure-by-default practices, reference templates, and pull request checks.
• Define and tune scanning policies, reduce false positives/negatives, and maintain auditable vulnerability management workflows.
• Provide actionable vulnerability findings with secure coding guidance and coordinate remediation with engineering teams.
• Implement container/Kubernetes security measures, including image scanning, runtime detection, admission controls, and policy enforcement.
• Produce metrics, dashboards, and compliance reports to support RMF/ATO requirements.
• Participate in Agile project management and utilize Jira for workflow tracking.

Required Education/Qualifications

• Active Secret clearance
• 3+ years of experience in Application Security or DevSecOps (regulated environments)
• Hands-on experience with AppSec tools: Sonatype, Fortify, StackRox/Red Hat ACS, and Burp Suite
• Experience integrating security tools into CI/CD pipelines and automating workflows
• Knowledge of Secure SDLC, OWASP Top 10, and application/container security concepts
• Linux fundamentals, networking basics, and authentication (SSO/LDAP)
• Familiarity with common development stacks (Java, .NET, Node.js, Python)
• Experience with Oracle Cloud Infrastructure (OCI)
• DoD 8570 IAT II certification (e.g., Security+)

Preferred Qualifications

• DoD/IC experience with RMF, STIGs, and vulnerability management processes.
• Experience with container registries/orchestration: Harbor, Artifactory, ECR, Kubernetes/OpenShift, Helm.
• Integration experience with SIEM/SOAR and ticketing systems (Splunk, ServiceNow, Jira).
• Additional certifications: CISSP, CSSLP, GIAC, Kubernetes security certifications.

Please Note: We maintain an on-camera policy for all virtual company meetings to foster engagement and collaboration. Reasonable exceptions may be granted with prior approval from Human Resources and/or the applicable manager or client.

FLSA & EMPLOYMENT STATUS: FLSA EXEMPT AND FULL-TIME POSITION

iWorks Corporation is an Equal Employment Opportunity/Affirmative Action Employer. We evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, Veteran status, sexual orientation, or other protected characteristic.