Cyber Software Engineer II Security Clearance

Position: Cyber Software Engineer II with Security Clearance
Job Number 731472

Description:

The Cyber Software Engineer (level
2) is a mid-level role that requires owing security outcomes across the product lifecycle. In this position you will lead the definition of security architecture for new features and major refactors, conduct threat-modeling investigations, and translate product requirements into concrete security controls. Responsibilities include spearheading comprehensive vulnerability assessments (static, dynamic, and dependency-scanning) prioritizing vulnerability remediation, and ensuring continuous compliance with frameworks such as NIST, ISO 27001, and DoD RMF.

The Cyber Software Engineer (level
2) will design, develop, and maintain advanced Python-based automation that embeds security gates, secret scanning, policy-as-code, and automated remediation into CI/CD pipelines (Git Lab, Dev Ops, Jenkins), and will evaluate emerging tools (e.g., SBOM generators, runtime protection platforms) for enterprise adoption. Authoring clear, detailed security design documents, runbooks, and stakeholder-facing briefs is a core expectation, as is mentoring junior engineers on secure coding practices, code-review techniques, and security testing.

Collaboration is central as you will work closely with product owners, system and software architects, Dev Ops, QA, and operations teams to ensure that secure, cyber-centric features are delivered on schedule and that security considerations are baked into sprint planning and release cycles. To succeed at this level, candidates should have 3-5 years of software development in a cybersecurity environment with a strong focus on security, deep knowledge of OWASP ASVS, NIST CSF, MITRE ATT&CK, and secure coding standards, and hands-on expertise with SAST/DAST tools, container security scanners, and infrastructure-as-code platforms.

In addition to technical proficiency, this role must demonstrate strong analytical and communication skills, the ability to influence cross-functional teams, and a commitment to mentorship and continuous learning.

Basic Qualifications:

• Ability to obtain and maintain a SECRET security clearance.
• Possess or ability to obtain a CompTIA Security+ certification (or DoDM 8140.03 equivalent or higher certification) within 90 days of hire
• Bachelor's degree in Computer Science, Computer Engineering, Cybersecurity, Software Engineering, or a closely related technical discipline. A Master's degree or equivalent advanced coursework in security-focused subjects is a plus.
• 3-5 years of hands-on software development experience with a demonstrable focus on security. Experience should include work on modern codebases (Python, Go, C/C++, or Java) and participation in secure-by-design projects.
• Proven experience with Linux Command Line Interface (CLI) and Bash shell
• Proven experience conducting static application security testing (SAST), dynamic application security testing (DAST), dependency-chain scanning, and threat modeling. Familiarity with tools such as Sonar Qube, CodeQL, Burp Suite, Trivy, or similar. Desired

Skills:

• Familiarity with National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF), Risk Management Framework (RMF), and/or Secure Software Development Framework (SSDF).
• Familiarity with Defense Information Systems Agency (DISA), Center for Internet Security (CIS), International Organization for Standardization (ISO), or equivalent cyber security standards providers.
• Practical knowledge of continuous integration/continuous delivery platforms (Git Lab CI, Azure Dev Ops, Jenkins, Git Hub Actions) and the ability to integrate security gates, automated scans, and policy-as-code into pipelines. Experience writing reusable Python automation scripts or modules is required.
• Strong command of Python for security tooling, plus competence in at least one additional language (e.g., Go, C/C++, Java) to understand and influence production code.
• Excellent written and verbal communication skills, with the ability to translate complex security concepts into clear documentation and to work effectively with product owners, architects, Dev Ops, QA, and other…