Jobs · Engineering · Maryland

Software Security Engineer

Vidoori Inc. · Hyattsville, MD · 1 wk ago
HybridEngineeringFull-time

About the role

The Security Software Developer role at Vidoori involves designing, building, and maintaining secure software components and developer-focused security tooling. This position requires collaboration across engineering, product, and security teams to reduce risk, improve runtime protection, and embed security earlier in the development process.

Responsibilities

  • Design, implement, and maintain security libraries, SDKs, and application-level protections that are secure by design and easy for engineers to adopt.
  • Develop and integrate security automation and developer tooling into CI/CD pipelines to support shift-left security, automated scanning, and feedback loops.
  • Build runtime defense capabilities such as input validation, secure authentication/authorization flows, secrets handling, and secure configuration management.
  • Author and maintain static and dynamic analysis integrations, custom rules or detectors, and remediation guidance to reduce vulnerability introduction and speed up fixes.
  • Collaborate with application teams to threat-model, define security controls, and ensure secure implementation of features across the development lifecycle.
  • Contribute to secure CI/CD patterns, signing and verification of artifacts, and supply-chain protections to improve provenance and integrity of releases.
  • Implement logging, telemetry, and alerting for security-related events and provide actionable context to support incident detection and response.
  • Participate in vulnerability triage, root cause analysis, and coordinated remediation; contribute to post-incident reviews and preventative measures.
  • Produce clear developer-focused documentation, secure coding guidelines, and runbooks to improve team capability and promote consistent practices.
  • Engage in threat research and proof-of-concept work to evaluate new defensive techniques, open-source tools, and runtime protections.

Requirements

  • Bachelor’s degree in Computer Science, Engineering, or a related discipline, or equivalent practical experience.
  • Proven experience (typically 10+ years) in software development with a focus on security, secure design, or security engineering within cloud-native environments.
  • Strong programming skills in one or more languages commonly used for backend and tooling (e.g., Python, Go, Java, C#).
  • Experience integrating security tooling (SAST, DAST, SCA, dependency scanning) into CI/CD pipelines and developing custom checks or rules.
  • Solid understanding of authentication and authorization standards (OAuth2, OpenID Connect, JWT), secrets management, cryptography basics, and secure session handling.
  • Familiarity with container and orchestration environments (Docker, Kubernetes) and practical experience implementing runtime security controls and image hardening.
  • Experience with cloud platforms (AWS, Azure or GCP) and applying platform security best practices (IAM, network controls, KMS, secrets stores).
  • Good knowledge of secure development lifecycle concepts, threat modeling, and common vulnerability classes (OWASP Top Ten, SANS CWE).
  • Excellent communication skills with the ability to explain security concepts to developers and stakeholders and to produce clear technical documentation.

Qualifications

  • Professional security certifications (CISSP, CSSLP, OSCP, CEH or cloud provider security certs) are advantageous.
  • Experience with policy-as-code and enforcement (OPA, Gatekeeper), runtime protection (WAF, RASP, eBPF-based tooling) or service mesh security patterns.
  • Familiarity with secure software supply chain practices, artifact signing, SBOMs, and reproducible builds.
  • Practical experience contributing to open-source security projects or developing community-facing security tools.
  • Background in incident response, forensic analysis, or red/blue team exercises and knowledge of common detection strategies.

Benefits and Career Development

  • Competitive base salary with performance-related bonus and incentives linked to technical and delivery outcomes.
  • Flexible working arrangements, including hybrid options to support a healthy work-life balance.
  • Supportive and inclusive culture with investment in professional development, training, and mentorship opportunities.
  • Opportunity to influence security strategy, adopt emerging defensive technologies, and progress into senior technical or security leadership roles.
  • Work on high-impact security and software engineering engagements across public sector and commercial clients.

Application Guidance

  • Location: Hybrid (DMV Area)
  • Employment Type: Full-time, mid to senior-level
  • Eligibility: U.S. Citizenship Required, Public Trust Clearance Necessary

About Vidoori

Vidoori, Inc. is a consulting firm that provides Program Management, Information Technology, and Engineering services for government and commercial clients. Our team's experience and ongoing support span numerous government agencies, including the Census Bureau, Centers for Medicare & Medicaid Services, Department of Defense (Army branch), Department of Homeland Security, Social Security Administration, and Department of Veterans Affairs. Vidoori is committed to providing our partners with a low-cost, low-risk, and high-quality-driven small business partner for their mission-critical needs. Our corporate culture is essential to allowing the organization to differentiate itself, fostering cohesion and motivation among employees and conveying a positive image to customers, which can lead to a sense of closeness to the company or even become a criterion of choice.

Similar jobs