Application Security Engineer
Company: SciTec
Location: Boulder
Posted on: September 2, 2024
|
|
Job Description:
Description: SciTec has been awarded multiple government
contracts and is growing our creative team! SciTec, Inc. is a
dynamic small business with the mission to deliver advanced sensor
data processing technologies and scientific instrumentation
capabilities in support of National Security and Defense. We
support customers throughout the Department of Defense and U.S.
Government in building innovative new tools to deliver unique
world-class data exploitation capabilities.Important Notice: SciTec
exclusively works on U.S. government contracts that require U.S.
citizenship for all employees. SciTec cannot sponsor or assume
sponsorship of employee work visas of any type. Further, U.S.
citizenship is a requirement to obtain and keep a security
clearance. Applicants that do not meet these requirements will not
be considered.SciTec has an immediate opportunity for a talented
Application Security Engineer in our Boulder, CO office. The
Application Security Engineer will support developers in designing,
implementing, and verifying secure application
environments.ResponsibilitiesPerform security analysis of software
applications using both automated tooling (static code analysis,
software composition analysis, fuzzing) and manual code and design
reviewSupport integration of tools and processes into DevSecOps
pipelinesDesign, implement, and integrate improvements to SciTec's
software analysis continuous integration toolingSupport software
developers in remediating issues identified during code
analysisSupport software developers in integrating security into
system designsOther duties as assignedRequirementsSix years of
experience in cybersecurity or software development OR a Bachelor's
degree and two years of experience OR a Master's degreeEither two
years of experience (industry or open-source contributions)
specifically focused on software security OR an academic thesis
project (or equivalent) on software security topicsCandidate must
be capable of qualifying for a SECRET DoD or DoE security
clearanceCandidate must be capable of satisfying DoD 8570.01M
Information Assurance System Architect and Engineer Level 1
training requirements within six months of hireDetail orientedGood
verbal and written communication skillsCandidates who have an
active DoD or DoE security clearance will be strongly preferred. In
addition, we are seeking candidates who have any of the following
skills or experiences:Experience identifying, exploiting, and
remediating application vulnerabilities. Credit for pubished CVEs
is a plusExperience with one or more of the following programming
languages: C++, Python, JavaScript (or TypeScript), RustExperience
with using and configuring static code analysis tooling (e.g.
Coverity, Klockwork, SonarQube, etc.)Experience with using and
configuring software composition analysis tooling (e.g. Sonatype,
Anchore, Snyk, JFrog, XRay, etc.)Experience with vulnerability
discovery using fuzzing (AFL, AFL , honggfuzz, etc.)Experience with
application debugging, runtime instrumentation (Strace, eBPF), and
reverse engineering (Ghidra, IDA Pro)Familiarity with threat
modeling tools such as the MITRE ATT&CK framework Resumes,
Cover Letters, and Applications which are generated by AI will not
be considered for employment.Colorado Residents: In any materials
you submit, you may redact or remove age-identifying information
such as age, date of birth, or dates of school attendance or
graduation. You will not be penalized for redacting or removing
this information.BenefitsSciTec offers a highly competitive salary
and benefits package, including:Employee Stock Ownership Plan
(ESOP)3% Fully Vested Company 401K Contribution (no employee
contribution required)100% company paid HSA Medical insurance, with
a choice of 2 buy-up options80% company paid Dental insurance100%
company paid Vision insurance100% company paid Life insurance100%
company paid Long-term Disability insurance100% company paid
Hospital Indemnity insuranceVoluntary Accident and Critical Illness
insuranceShort-term Disability insuranceAnnual Profit-Sharing
PlanDiscretionary Performance BonusPaid Parental LeaveGenerous Paid
Time Off, including Holiday, Vacation, and Sick PayFlexible Work
HoursThe pay range for this position is $90,000 - $146,000/year.
SciTec considers several factors when extending an offer of
employment, including but not limited to the role and associated
responsibilities, a candidate's work experience,
education/training, and key skills. This is not a guarantee of
compensation.SciTec is committed to hiring and retaining a diverse
workforce and is proud to be an Equal Opportunity/Affirmative
Action employer.
Keywords: SciTec, Boulder , Application Security Engineer, Engineering , Boulder, Colorado
Click
here to apply!
|