
Compliance & Security Lead

Job in Laurel, Anne Arundel County, Maryland, 20724, USA
Listing for: The Johns Hopkins University Applied Physics Laboratory
Full Time position
Listed on 2026-02-16
Job specializations:
  • IT/Tech
    Cybersecurity, IT Consultant, Data Security, Information Security
Salary/Wage Range or Industry Benchmark: 100,000 - 125,000 USD yearly
Job Description & How to Apply Below
Position: Application Compliance & Security Lead
Location: Laurel

Description

Are you an authority in application security and compliance requirements, with experience in software development and tooling like SAST, DAST, and vulnerability analysis?

Do you thrive in an innovative environment where you can translate complex compliance requirements into practical guidance that empowers development teams?

If so, we'd love to have someone like you join our team at APL!

We are seeking an Application Security Leader to help us ensure our applications meet industry security standards while enabling our developers to work efficiently. You'll be joining our enterprise applications team as the primary authority on application security and CMMC compliance, working at the intersection of compliance requirements, development practices, and security tooling. Our team builds and supports critically important applications across the laboratory, and you'll play a key role in building a security-minded and developer-friendly culture.

You'll work with dedicated developers, information protection specialists, and compliance experts who are passionate about protecting sensitive information while delivering innovative solutions.

As an Application Compliance & Security Lead

Foremost, you will be driving CMMC compliance strategy across our application portfolio, translating sophisticated requirements into actionable security controls that development teams can understand and implement.

  • You’ll serve as the go-to resource for application teams on security and compliance matters, providing practical guidance on secure development practices and helping teams navigate CMMC, NIST 800-171, SSDF, and DFARS requirements.
  • You’ll implement and maintain application security tooling including SAST, DAST, SBOM vulnerability analysis, container scanning, and dependency management, integrating these tools into CI/CD pipelines and DevSecOps workflows.
  • You’ll guide service and project managers through compliance requirements with concrete, SDLC-relevant examples, evaluating data security needs and establishing realistic security boundaries.
  • You’ll integrate security reviews into agile sprints, remove process bottlenecks by collaborating with GRC and Info Sec teams, and maintain compliance documentation for application security controls.
  • You’ll train and mentor developers on secure coding standards, and conduct security assessments to identify vulnerabilities.
Qualifications

You meet our minimum qualifications for the job if you…

  • Have a Bachelor’s degree in Computer Science, Information Technology, or similar technical majors.
  • Have 5+ years of experience in cybersecurity, GRC, or compliance and DevSecOps.
  • Have solid knowledge of the CMMC framework, NIST SP 800-171, SSDF, and/or DFARS requirements, with proven ability to translate compliance frameworks into technical security controls.
  • Have software development experience in .NET, Java, Python, or similar languages with a solid grasp of the software development lifecycle.
  • Have experience implementing SAST, DAST, SCA, and SBOM tools such as SonarQube, Checkmarx, Veracode, Snyk, or OWASP ZAP.
  • Have experience integrating security into CI/CD pipelines using tools like GitLab CI or Azure DevOps, with strong DevSecOps and shift-left security principles.
  • Can lead cross-team initiatives and influence without formal authority, with excellent communication skills for both technical and non-technical audiences.
  • Are able to obtain a Secret level security clearance. If selected, you will be subject to a government security clearance investigation and must meet the requirements for access to classified information. Eligibility requirements include U.S. citizenship.

You’ll go above and beyond our minimum requirements if you…

  • Have DoD or federal contractor experience with active compliance programs.
  • Have led technical teams in development or security roles.
  • Hold certifications such as CSSLP, CISSP, Security+, CMMC CCP/RP, CEH, or GIAC.
  • Have cloud security experience with AWS, Azure, or GCP.
About Us: Why Work at APL?

The Johns Hopkins University Applied Physics Laboratory (APL) brings world-class expertise to our nation's most critical defense, security, space and science challenges. While we are…
