Jobs · Information Technology · Texas

Application Security Engineer III

KARL STORZ North America · Stafford, TX · 6 days ago
HybridInformation TechnologyFull-time

Key Responsibilities

  • Lead and maintain DoD Authorization to Operate (ATO) certifications.
  • Serve as the primary cybersecurity contact for DoD-related projects.
  • Manage RMF compliance activities, including STIG and SCAP scanning, POA&M management, and risk mitigation planning.
  • Author and maintain cybersecurity documentation, risk analyses, and compliance reports.
  • Support certification audits, renewals, and customer-facing cybersecurity reviews.
  • Verify cybersecurity requirements through testing, documentation, and validation activities.
  • Partner with engineering teams to implement secure development practices.
  • Support threat modeling, vulnerability management, and security testing throughout the SDLC.
  • Participate in product security reviews and provide risk mitigation recommendations.
  • Design and maintain DevSecOps pipelines with automated security testing and vulnerability scanning.
  • Support secure CI/CD practices and compliance monitoring.
  • Establish and maintain cybersecurity lab environments and test infrastructure.
  • Cross-functional Collaboration
  • Collaborate with R&D, Quality, Regulatory, IT, Operations, and Product Management teams.
  • Communicate cybersecurity risks, requirements, and recommendations to technical and non-technical stakeholders.
  • Participate in customer meetings, technical reviews, and occasional on-site visits.

Qualifications

  • Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or a related technical field.
  • 5+ years of cybersecurity experience (4+ years with a Master's degree).
  • Experience supporting application, product, or embedded cybersecurity in regulated industries such as medical devices, defense, or aerospace.
  • Hands-on experience with DoD RMF, STIGs, SCAP tools, and POA&M management.
  • Knowledge of NIST frameworks, including NIST 800-53 and NIST 800-171.
  • Experience with secure software development, vulnerability management, risk assessment, and DevSecOps practices.
  • Experience with Windows and Linux hardening, network security, and system compliance validation.
  • Strong communication, analytical, organizational, and problem-solving skills.

Preferred

  • Experience obtaining or maintaining DoD ATO certifications.
  • Knowledge of FDA cybersecurity guidance and medical device security standards.
  • Certifications such as CISSP, Security+, CEH, or GSEC.
  • Experience with cloud security, container security, and automated testing frameworks.
  • Experience working in Linux, Windows Server, virtualized environments, and network security architectures.
  • Master's degree in a related technical discipline.

Additional Information

  • Travel: Up to 10%
  • Physical Requirements: Ability to sit for extended periods and lift equipment up to 20 pounds occasionally.
  • Work Environment: Fast-paced, collaborative environment supporting highly regulated medical technology products.

Similar jobs

Security Engineer III

FanaticsNew York, NY· Yesterday
Information Technology$147k–$194k/yrapply on job-boards.greenhouse.io

Security Engineer III

TalentAllyDublin, CA· 5 days ago
Information Technology$133k–$227k/yrapply on talentally.com

Security Engineer III

AspirionDurham, NC· 2 mo ago
RemoteInformation Technologyapply on recruiting.paylocity.com

Security Engineer III

PTR GlobalCupertino, CA· 2 wk ago
Information Technology$80–$90/hrapply on jobs.pinnacle1.com

Security Engineer III

JPMorganChaseWilmington, DE· 1 wk ago
Engineeringapply on jpmorganchase.contacthr.com