Snr Software Engineer, Product Security

Boulder, Colorado, United States
full-time, senior, Aerospace/Defense

Description

You'll focus on hands-on security software design and implementation to shift security left in development processes. You'll embed automated controls into CI/CD pipelines, maintain shared libraries for authentication and logging, and assist with monitoring tools. You'll work in a lean, impact-focused environment with ~80-90% hands-on work.

Requirements

  • 5+ years in software or security engineering, with 3+ years in security-focused roles
  • Experience with secure cloud systems (AWS), CI/CD security, and compliance (NIST, CMMC, FedRAMP)
  • Proficiency in container security (Docker/Kubernetes), security tools (Trivy, Snyk, Falco, OPA), and programming (Python, Rust)
  • Knowledge of common threats, controls, DevSecOps, SBOMs, zero-trust principles, and SIEM logging
  • Collaborative interpersonal skills

Responsibilities

  • Integrate security automation into CI/CD pipelines (SAST/DAST/SCA, SBOM generation, vulnerability scanning)
  • Contribute to shared libraries and infrastructure for authn/authz, logging, and runtime security
  • Support CMMC compliance by implementing controls (encryption, secure configurations, monitoring)
  • Participate in security architecture reviews, code audits, and threat modeling
  • Engage in code reviews, pair programming, and tooling development