Cyber Software Engineer II
The Cyber Software Engineer (level 2) is responsible for owning security outcomes across the product lifecycle. Key responsibilities include:
- Leading the definition of security architecture for new features and major refactors.
- Conducting threat-modeling investigations and translating product requirements into concrete security controls.
- Spearheading comprehensive vulnerability assessments (static, dynamic, and dependency-scanning).
- Prioritizing vulnerability remediation and ensuring continuous compliance with frameworks such as NIST, ISO 27001, and DoD RMF.
- Designing, developing, and maintaining advanced Python-based automation that embeds security gates, secret scanning, policy-as-code, and automated remediation into CI/CD pipelines (GitLab, DevOps, Jenkins).
- Evaluating emerging tools (e.g., SBOM generators, runtime protection platforms) for enterprise adoption.
Basic Qualifications
- Ability to obtain and maintain a SECRET security clearance.
- Possess or ability to obtain a CompTIA Security+ certification (or DoDM 8140.03 equivalent or higher certification) within 90 days of hire.
- Bachelor’s degree in Computer Science, Computer Engineering, Cybersecurity, Software Engineering, or a closely related technical discipline.
- A Master’s degree or equivalent advanced coursework in security-focused subjects is a plus.
- 3–5 years of hands-on software development experience with a demonstrable focus on security.
- Experience should include work on modern codebases (Python, Go, C/C++, or Java) and participation in secure-by-design projects.
- Proven experience with Linux Command Line Interface (CLI) and Bash shell.
- Proven experience conducting static application security testing (SAST), dynamic application security testing (DAST), dependency-chain scanning, and threat modeling.
- Familiarity with tools such as SonarQube, CodeQL, Burp Suite, Trivy, or similar.
Job Description
The Cyber Software Engineer (level 2) is a mid-level role that requires owning security outcomes across the product lifecycle. In this position you will lead the definition of security architecture for new features and major refactors, conduct threat-modeling investigations, and translate product requirements into concrete security controls. Responsibilities include spearheading comprehensive vulnerability assessments (static, dynamic, and dependency-scanning) prioritizing vulnerability remediation, and ensuring continuous compliance with frameworks such as NIST, ISO 27001, and DoD RMF. The Cyber Software Engineer (level 2) will design, develop, and maintain advanced Python-based automation that embeds security gates, secret scanning, policy-as-code, and automated remediation into CI/CD pipelines (GitLab, DevOps, Jenkins), and will evaluate emerging tools (e.g., SBOM generators, runtime protection platforms) for enterprise adoption. Authoring clear, detailed security design documents, runbooks, and stakeholder-facing briefs is a core expectation, as is mentoring junior engineers on secure coding practices, code-review techniques, and security testing. Collaboration is central as you will work closely with product owners, system and software architects, DevOps, QA, and operations teams to ensure that secure, cyber-centric features are delivered on schedule and that security considerations are baked into sprint planning and release cycles.
Desired Skills
- Familiarity with National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF), Risk Management Framework (RMF), and/or Secure Software Development Framework (SSDF).
- Familiarity with Defense Information Systems Agency (DISA), Center for Internet Security (CIS), International Organization for Standardization (ISO), or equivalent cyber security standards providers.
- Practical knowledge of continuous integration/continuous delivery platforms (GitLab CI, Azure DevOps, Jenkins, GitHub Actions) and the ability to integrate security gates, automated scans, and policy-as-code into pipelines.
- Experience writing reusable Python automation scripts or modules is required.
- Strong command of Python for security tooling, plus competence in at least one additional language (e.g., Go, C/C++, Java) to understand and influence production code.
- Excellent written and verbal communication skills, with the ability to translate complex security concepts into clear documentation and to work effectively with product owners, architects, DevOps, QA, and other cross-functional teams.
- Evidenced commitment to staying current on emerging threats, vulnerabilities, and industry best practices through self-directed study, conferences, or participation in professional communities.