Application Security Engineer III
KARL STORZ North America · Stafford, TX · 6 days ago
HybridInformation TechnologyFull-time
Key Responsibilities
- Lead and maintain DoD Authorization to Operate (ATO) certifications.
- Serve as the primary cybersecurity contact for DoD-related projects.
- Manage RMF compliance activities, including STIG and SCAP scanning, POA&M management, and risk mitigation planning.
- Author and maintain cybersecurity documentation, risk analyses, and compliance reports.
- Support certification audits, renewals, and customer-facing cybersecurity reviews.
- Verify cybersecurity requirements through testing, documentation, and validation activities.
- Partner with engineering teams to implement secure development practices.
- Support threat modeling, vulnerability management, and security testing throughout the SDLC.
- Participate in product security reviews and provide risk mitigation recommendations.
- Design and maintain DevSecOps pipelines with automated security testing and vulnerability scanning.
- Support secure CI/CD practices and compliance monitoring.
- Establish and maintain cybersecurity lab environments and test infrastructure.
- Cross-functional Collaboration
- Collaborate with R&D, Quality, Regulatory, IT, Operations, and Product Management teams.
- Communicate cybersecurity risks, requirements, and recommendations to technical and non-technical stakeholders.
- Participate in customer meetings, technical reviews, and occasional on-site visits.
Qualifications
- Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or a related technical field.
- 5+ years of cybersecurity experience (4+ years with a Master's degree).
- Experience supporting application, product, or embedded cybersecurity in regulated industries such as medical devices, defense, or aerospace.
- Hands-on experience with DoD RMF, STIGs, SCAP tools, and POA&M management.
- Knowledge of NIST frameworks, including NIST 800-53 and NIST 800-171.
- Experience with secure software development, vulnerability management, risk assessment, and DevSecOps practices.
- Experience with Windows and Linux hardening, network security, and system compliance validation.
- Strong communication, analytical, organizational, and problem-solving skills.
Preferred
- Experience obtaining or maintaining DoD ATO certifications.
- Knowledge of FDA cybersecurity guidance and medical device security standards.
- Certifications such as CISSP, Security+, CEH, or GSEC.
- Experience with cloud security, container security, and automated testing frameworks.
- Experience working in Linux, Windows Server, virtualized environments, and network security architectures.
- Master's degree in a related technical discipline.
Additional Information
- Travel: Up to 10%
- Physical Requirements: Ability to sit for extended periods and lift equipment up to 20 pounds occasionally.
- Work Environment: Fast-paced, collaborative environment supporting highly regulated medical technology products.