Software Security Engineer

Must have:

• U.S. Citizenship and an active Secret clearance
• Demonstrated expertise in conducting static security analysis of Java code
• Proficiency in reading, understanding, and elucidating Java logic and vulnerabilities
• Hands-on experience with Fortify and Software Security Center (SSC)
• CompTIA Security+ certification (DoD 8570 IAT Level II compliant)
• Ability to work full-time on-site in Newport News, VA (80–90% of tasks performed in a secure lab)
• Bachelors degree in Computer Science, Information Security, or a related field with 2+ years of experience
• Solid understanding of cybersecurity engineering principles and secure software development
• Familiarity with Risk Management Framework (RMF) controls and documentation
• Knowledge of ACAS scanning, configuration, and reporting
• Experience with STIG implementation and compliance enforcement
• Awareness of industry frameworks such as NIST, NIST 800-53, and ISO 27001
• Strong analytical abilities and capacity to communicate technical results clearly

• Conduct static security analysis of Java source code to identify vulnerabilities and weaknesses, clearly conveying findings to development teams
• Utilize Fortify and Software Security Center (SSC) to perform scans, analyze results, verify vulnerabilities, and assist in remediation efforts
• Contribute to secure software design by implementing defense-in-depth strategies for Java systems in classified settings
• Provide technical insights for RMF activities, including evidence of vulnerabilities, details of control implementation, and tracking of remediation efforts (not policy-based)
• Execute vulnerability assessments and security evaluations in compliance with DoD standards
• Apply and confirm Security Technical Implementation Guides (STIGs) and configuration controls across various systems and applications
• Monitor systems with ACAS and other DoD-approved tools to detect security threats and compliance deficiencies
• Engage in incident response and forensic analysis activities as necessary
• Collaborate with software developers regarding secure coding practices and vulnerability remediation
• Work with systems engineers on architecture and control implementation
• Partner with ISSOs and network teams addressing compliance and operational security
• Generate clear technical documentation and presentations for both technical and non-technical audiences
• Mentor junior engineers and enhance the ongoing improvement of security methodologies

Company:

At Caribou Thunder, we are a HUBZone-certified small business committed to delivering advanced technical and engineering services to the U.S. Department of War and our mission partners. Our work spans across more than 35 states and 20 countries, reinforcing national readiness for diverse operations on land, underwater, in the air, and in space. Our dedicated team ensures exceptional capability from ocean depths to cosmic boundaries, consistently meeting timelines while adhering to high compliance standards and delivering precision in high-stakes environments.

We pride ourselves on our robust employee advocacy, offering comprehensive benefits such as premium health, dental, and vision insurance, a competitive 401(k) with company match, flexible paid time off, and opportunities for education and certification reimbursement. Join us, lets shape the future together!