Senior Security Test Engineer

Everforth ECS is seeking a Senior Security Test Engineer to work in the National Capital Region covering the Pentagon, Falls Church, and Fairfax. Please Note: This position is contingent upon contract award.

The War Data Platform (WDP) is a key initiative within the U.S. Department of War's (DoW) AI-First strategy introduced in early 2026. The WDP separates business and financial data from operational warfighting data, aiming to accelerate the deployment of artificial intelligence (AI) on the battlefield. The WDP extends to Unclassified, Secret, and Top Secret environments, and supports collaboration between Combatant Commands, Joint Staff directorates, Senior Executive Service leaders, and operational analysts.

The Senior Security Test Engineer serves as the principal authority for security test engineering across WDP Core Integration's full software development lifecycle, embedding automated security validation, compliance gating, and penetration testing activities directly into DevSecOps pipelines spanning NIPRNet, SIPRNet, and JWICS. This is a senior technical role responsible for translating DoW cybersecurity requirements and contract obligations into concrete, measurable test strategies that protect mission-critical software releases and sustain continuous authorization across all WDP enclaves.

• Conducts advanced test engineering operations supporting War Data Platform (WDP) Core Integration software lifecycle activities across development, testing, integration, staging, and production environments on NIPRNet, SIPRNet, and JWICS.
• Designs automated test suites using GitLab CI, Jenkins, Selenium, JMeter, SonarQube, OpenSCAP, and approved scanning tools to validate functionality, security, performance, and compliance requirements.
• Translates contract-level DevSecOps and cybersecurity requirements into concrete security-test objectives and embeds static analysis, software-composition analysis, and dynamic or interactive security testing directly into continuous integration and continuous deployment pipelines with automated gating and reporting.
• Implements DevSecOps-aligned testing strategies integrating automated gate checks, artifact-lineage verification, regression safety controls, and STIG-based compliance validation.
• Creates reusable security-testing scripts and supplements automated workflows with targeted manual or penetration-testing activities for high-risk release candidates.
• Uses Infrastructure-as-Code patterns to provision secure sandboxes that mirror production controls and employ synthetic or masked data to protect sensitive information during testing.
• Performs virtual-machine and container-security validation using Department of War Security Technical Implementation Guides and defense container-hardening standards embedded in CI workflows.
• Executes automated and manual testing, documents defects, validates fixes, and triages findings while maintaining a security-testing risk register.
• Reviews scan results, collaborates with developers for fix verification, and refines rulesets, tooling, and documentation to meet audit and regulatory obligations.
• Tracks key performance indicators including coverage, detection speed, pipeline stability, and reliability trends to support program reporting and continuous improvement.
• Coordinates with software engineers, DevSecOps pipeline operators, cybersecurity teams, and system-engineering personnel to reproduce issues, verify corrective actions, and synchronize readiness for sprint and release events.
• Supports maintenance of test environments, synthetic data sets, and repeatable validation workflows enabling stable, high-confidence software releases across all War Data Platform (WDP) Core Integration enclaves.
• Performs other duties as assigned.

• Current Secret security clearance with the ability to obtain and maintain a Top Secret (TS) security clearance with Sensitive Compartmented Information (SCI).
• 10–12 years of experience in security test engineering, software quality assurance, application security, or a closely related technical discipline, with demonstrated senior-level ownership of security testing strategy and automated pipeline integration in federal or enterprise software delivery environments.
• Demonstrated hands-on expertise designing and operating automated security test pipelines using tools such as GitLab CI, Jenkins, SonarQube, and OpenSCAP, with applied experience in SAST, DAST, software-composition analysis, STIG compliance validation, and container hardening in classified or government cloud environments.
• Proven ability to lead penetration testing coordination, security test planning, and risk register management in support of Authority to Operate (ATO) packages, Interim Authority to Test (IATT) preparation, and continuous monitoring obligations under the Risk Management Framework.
• Experience operating within DoW or federal classified multi-enclave environments, including familiarity with IL2, IL5, IL6, and JWICS software delivery constraints, DoW container hardening standards, and cross-domain security testing requirements.
• Strong problem-solving and decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution.
• Highly developed interpersonal and oral/written communication skills, with the ability to effectively and professionally interact with a diverse set of stakeholders (from peers to end-users to executive management).