Cybersecurity Code Test Engineer
About The Role
This engineer owns end-to-end security testing across embedded firmware, cloud-native applications, and the software supply chain, anchored to the NIST SP 800-218 SSDF. Responsibilities include integrating automated security gates into CI/CD pipelines, conducting SAST/DAST across compiled code, microservices, and firmware binaries, and managing SCA tooling with SBOM generation for code provenance and regulatory compliance. The engineer partners with development teams on secure repository practices — cryptographic signing, branch protections, and secret-leakage monitoring — and participate in threat modeling throughout the product lifecycle. The role also applies AI/ML to advance test generation, vulnerability triage, and firmware fuzzing to stay ahead of known and emergent threats.
Key Responsibilities
- SSDF Alignment — Operationalize and validate engineering practices against NIST SP 800-218 to ensure product resilience, supply chain integrity, and regulatory compliance.
- Participate in threat modeling early in the product lifecycle to establish security test plans.
- CII/CD Pipeline Automation — Architect and maintain automated security gates within CI/CD engines, with auto-failing builds on high-risk vulnerabilities while preserving developer velocity.
- SAST/DAST Analysis — Implement SAST policies across compiled code, microservices, and firmware binaries to catch logic flaws and unsafe memory operations. Design DAST frameworks to probe runtime applications, APIs, and microservices for structural, access control, and routing vulnerabilities.
- Software Supply Chain Security — Deploy SCA tooling to track open-source licenses, manage technical debt, and surface vulnerabilities in third-party packages. Generate and audit SBOM artifacts in machine-readable formats (CycloneDX, SPDX) for compliance and stakeholder reporting.
- Repository Management & Access Controls — Standardize repository layouts, cryptographic signing, and branch protections. Deploy continuous monitoring to detect accidental secret leakage, API tokens, and embedded credentials.
- AI-Driven Testing — Apply AI/ML to enhance test generation, auto-triage SAST false positives, and identify anomalous behavior. Leverage AI-assisted fuzzing platforms to probe firmware interfaces and network stacks for unknown vulnerabilities.
Required Qualifications
- Technical Skill Requirements & Tools: Deep familiarity or direct operational proficiency with CI/CD Platforms, SAST & DAST Solutions, SCA & SBOM Operations, Firmware & Embedded Analysis, and AI-Assisted Security & Fuzzing.
- Experience & Qualifications: Minimum of 4–6 years of dedicated experience in software engineering, application security, and embedded firmware vulnerability assessment. Demonstrated capacity analyzing hardware formats, embedded operating systems, memory corruption boundaries, and hardware security architectures. Strong capabilities writing and debugging scripts in Python, C/C++, Rust, Go, or Bash to customize automated tooling wrappers. Certifications (Preferred): CSSLP, GSSP-C/GSSP-Java, CEH, or advanced hardware security credentials.
Compensation & Benefits
- Base Salary: $155,000 – $195,000 (DOE)
- Equity: Stock options
- Benefits: Medical, dental, vision, 401(k), paid time off