Jobs · Information Technology · Colorado

Staff/Sr. Staff Application Security Engineer

SciTec · Boulder, CO · 3 wk ago
On-siteInformation Technology$98k–$146k/yrFull-time

Responsibilities

  • Perform application security analysis using both automated and manual techniques, including: Static code analysis (SAST), Software composition analysis (SCA), Fuzzing
  • Manual code and design reviews
  • Identify, analyze, and help remediate application vulnerabilities
  • Support software engineers in integrating security considerations into system and application designs
  • Integrate and maintain application security tooling within CI/CD and DevSecOps pipelines
  • Design, implement, and improve continuous integration security analysis tooling
  • Tune and maintain security tools to reduce false positives and improve signal quality
  • Assist development teams in understanding findings and implementing effective fixes
  • Support threat modeling and secure design reviews
  • Stay current with emerging vulnerabilities, attack techniques, and mitigation strategies
  • Document findings, recommendations, and best practices

Requirements

  • Bachelor's degree plus 2+ years of professional experience in cybersecurity or software development, or equivalent experience
  • 2+ years of experience focused on application/software security
  • Familiarity with secure software development practices
  • Strong analytical, problem-solving, and communication skills
  • Detail-oriented with strong written and verbal communication abilities
  • Ability to qualify for and maintain a DoD or DoE Secret security clearance
  • Ability to meet DoD 8140.01 Cyberspace Workforce Management requirements within six months of hire

Qualifications

  • Active DoD Secret clearance or higher
  • Credit for published CVEs is a strong plus
  • Proficiency in one or more programming languages such as C++, Python, JavaScript, Rust
  • Experience configuring and operating static analysis tools (e.g., Coverity, Klocwork, SonarQube)
  • Experience configuring and operating software composition analysis tools (e.g., Snyk, Sonatype, Anchore, JFrog Xray)
  • Experience with fuzzing frameworks (AFL, AFL++, honggfuzz, or similar)
  • Experience with debugging, runtime instrumentation, or reverse engineering, including tools such as: strace eBPF Ghidra or IDA Pro
  • Familiarity with threat modeling methodologies and frameworks such as MITRE ATT&CK
  • Experience working in DevSecOps or Agile development environments

Benefits

  • 4% Safe Harbor 401(k) match
  • 100% company paid HSA Medical insurance, with a choice of 2 buy-up options
  • 80% company paid Dental insurance
  • 100% company paid Vision insurance
  • 100% company paid Life insurance
  • 100% company paid Long-term Disability insurance
  • 100% company paid Hospital Indemnity insurance
  • Voluntary Accident and Critical Illness insurance
  • Short-term Disability insurance
  • Annual Profit-Sharing Plan
  • Discretionary Performance Bonus
  • Paid Parental Leave
  • Generous Paid Time Off, including Holiday, Vacation, and Sick Pay
  • Flexible Work Hours

Similar jobs