Jobs · Engineering · Colorado

Cyber Software Engineer II

Lockheed Martin · Littleton, CO · 1 mo ago
EngineeringFull-time

The Cyber Software Engineer (level 2) is responsible for owning security outcomes across the product lifecycle. Key responsibilities include:

  1. Leading the definition of security architecture for new features and major refactors.
  2. Conducting threat-modeling investigations and translating product requirements into concrete security controls.
  3. Spearheading comprehensive vulnerability assessments (static, dynamic, and dependency-scanning).
  4. Prioritizing vulnerability remediation and ensuring continuous compliance with frameworks such as NIST, ISO 27001, and DoD RMF.
  5. Designing, developing, and maintaining advanced Python-based automation that embeds security gates, secret scanning, policy-as-code, and automated remediation into CI/CD pipelines (GitLab, DevOps, Jenkins).
  6. Evaluating emerging tools (e.g., SBOM generators, runtime protection platforms) for enterprise adoption.

Basic Qualifications

  • Ability to obtain and maintain a SECRET security clearance.
  • Possess or ability to obtain a CompTIA Security+ certification (or DoDM 8140.03 equivalent or higher certification) within 90 days of hire.
  • Bachelor’s degree in Computer Science, Computer Engineering, Cybersecurity, Software Engineering, or a closely related technical discipline.
  • A Master’s degree or equivalent advanced coursework in security-focused subjects is a plus.
  • 3–5 years of hands-on software development experience with a demonstrable focus on security.
  • Experience should include work on modern codebases (Python, Go, C/C++, or Java) and participation in secure-by-design projects.
  • Proven experience with Linux Command Line Interface (CLI) and Bash shell.
  • Proven experience conducting static application security testing (SAST), dynamic application security testing (DAST), dependency-chain scanning, and threat modeling.
  • Familiarity with tools such as SonarQube, CodeQL, Burp Suite, Trivy, or similar.

Job Description

The Cyber Software Engineer (level 2) is a mid-level role that requires owning security outcomes across the product lifecycle. In this position you will lead the definition of security architecture for new features and major refactors, conduct threat-modeling investigations, and translate product requirements into concrete security controls. Responsibilities include spearheading comprehensive vulnerability assessments (static, dynamic, and dependency-scanning) prioritizing vulnerability remediation, and ensuring continuous compliance with frameworks such as NIST, ISO 27001, and DoD RMF. The Cyber Software Engineer (level 2) will design, develop, and maintain advanced Python-based automation that embeds security gates, secret scanning, policy-as-code, and automated remediation into CI/CD pipelines (GitLab, DevOps, Jenkins), and will evaluate emerging tools (e.g., SBOM generators, runtime protection platforms) for enterprise adoption. Authoring clear, detailed security design documents, runbooks, and stakeholder-facing briefs is a core expectation, as is mentoring junior engineers on secure coding practices, code-review techniques, and security testing. Collaboration is central as you will work closely with product owners, system and software architects, DevOps, QA, and operations teams to ensure that secure, cyber-centric features are delivered on schedule and that security considerations are baked into sprint planning and release cycles.

Desired Skills

  • Familiarity with National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF), Risk Management Framework (RMF), and/or Secure Software Development Framework (SSDF).
  • Familiarity with Defense Information Systems Agency (DISA), Center for Internet Security (CIS), International Organization for Standardization (ISO), or equivalent cyber security standards providers.
  • Practical knowledge of continuous integration/continuous delivery platforms (GitLab CI, Azure DevOps, Jenkins, GitHub Actions) and the ability to integrate security gates, automated scans, and policy-as-code into pipelines.
  • Experience writing reusable Python automation scripts or modules is required.
  • Strong command of Python for security tooling, plus competence in at least one additional language (e.g., Go, C/C++, Java) to understand and influence production code.
  • Excellent written and verbal communication skills, with the ability to translate complex security concepts into clear documentation and to work effectively with product owners, architects, DevOps, QA, and other cross-functional teams.
  • Evidenced commitment to staying current on emerging threats, vulnerabilities, and industry best practices through self-directed study, conferences, or participation in professional communities.

Similar jobs

Cyber Engineer II

Integral Federal, Inc.Aberdeen Proving Ground, MD· 4 mo ago
Engineering$125k–$152k/yrapply on careers-integralfed.icims.com