STEM OPT Security Software Engineer Jobs

Job Description

We are seeking a Security Software Engineer to build and harden software systems supporting DoD programs operating under CMMC/NIST 800-171/FedRAMP compliance requirements. You will embed security across the SDLC—from design and code review through CI/CD and cloud deployment—working alongside engineering, DevSecOps, and IT teams in a regulated, cloud-native environment (AWS Commercial and GovCloud, Azure GCC High).

Responsibilities

• Core Engineering & Secure Development
  • Design and develop secure software with a security-first mindset baked into every phase of the SDLC.
  • Apply secure coding standards, threat modeling, and vulnerability mitigation aligned to NIST 800-53 and CMMC Level 2/3 controls.
  • Conduct architecture reviews and code hardening to address OWASP Top 10 and DoD STIGs.
  • Automate security gates in CI/CD pipelines (SAST, DAST, dependency scanning, secrets detection).
• Security Architecture & Controls
  • Design secure system and API architectures for multi-tenant cloud environments, including GCC High and FedRAMP-authorized platforms.
  • Implement IAM controls, JIT provisioning, SSO/SAML/OIDC flows, and least-privilege authorization frameworks (e.g., Cognito, Azure AD).
  • Instrument applications with security logging and monitoring that satisfies audit and continuous monitoring requirements (AU/SI control families).
• Vulnerability Management & Response
  • Lead code reviews, SAST/DAST scans, and targeted penetration testing; document findings against control frameworks.
  • Triage and remediate vulnerabilities within POA&M timelines; maintain artifact evidence for compliance assessments.
  • Support incident response for application-layer events; contribute to after-action reports and corrective action plans.
• Cross-functional Collaboration
  • Serve as the embedded security champion for engineering squads, raising the security bar through mentorship and code review culture.
  • Develop and deliver security training and runbooks tailored to engineering and DevOps team members.
  • Collaborate with DevOps/SRE to enforce secure IaC, WAF rules, network controls, and runtime monitoring across AWS and Azure environments.

Required Qualifications

• Bachelor’s degree in Computer Science, Engineering, or related field—or equivalent experience.
• 3+ years of software engineering experience with a strong focus on security.
• Proficiency in one or more programming languages (e.g., JavaScript/TypeScript, Python, Go, C#).
• Experience with secure coding practices and frameworks.
• Strong understanding of application security principles, including:
  • OWASP Top 10
  • Secure API/REST design
  • Cryptography fundamentals
  • Authentication/authorization patterns
• Experience with code scanning tools (SAST/DAST), threat modeling, and penetration testing.
• Familiarity with NIST 800-171, CMMC, or FedRAMP security control requirements and evidence collection.
• Hands-on experience with AWS and/or Azure security services (IAM, WAF, Security Hub, Defender, Sentinel); GCC High or GovCloud experience a plus.

Preferred Qualifications

• Experience with container security (Docker, ECS).
• Working knowledge of Zero Trust Architecture principles.
• Experience building DevSecOps pipelines in regulated environments; familiarity with tools like Prisma, Checkov, Snyk, or Aqua.
• Relevant certifications (any of the following):
  • CISSP, CSSLP, or CASP+
  • OSCP
  • CEH
  • GIAC (GWAPT, GSEC, GWEB) or CCP/CCA (UK Cyber Essentials equivalent)
• Experience securing microservices or event-driven architectures on ECS; background in federal or cleared environments preferred.