Application Security Engineer Jobs in USA with Visa Sponsorship

Job Function: Research & Development

Location:

Stafford, TX, US, 77477

Work Location (for field-based positions):

Work Flexibility: Hybrid

Pay Range: $101,800 - $132,300

Job ID: 5566

Why KARL STORZ?

At KARL STORZ, we are driven by innovation and a commitment to improving patient outcomes through cutting-edge medical technology. As a global leader in endoscopy and medical imaging, we offer an environment where collaboration, technical excellence, and continuous learning are highly valued. Join a team where your cybersecurity expertise will directly contribute to the development of secure, compliant, and life-changing healthcare technologies.

Position Summary

The Application Security Engineer III serves as the technical lead for cybersecurity compliance and secure product development initiatives, with primary responsibility for achieving and maintaining Department of Defense (DoD) Authorization to Operate (ATO) certifications under the Risk Management Framework (RMF). This role partners closely with Software Engineering, Systems Engineering, Quality, Regulatory, and Product Management teams to ensure products meet cybersecurity requirements throughout the development lifecycle.

Key Responsibilities

DoD RMF & ATO Leadership

• Lead and maintain DoD Authorization to Operate (ATO) certifications.
• Serve as the primary cybersecurity contact for DoD-related projects.
• Manage RMF compliance activities, including STIG and SCAP scanning, POA&M management, and risk mitigation planning.
• Author and maintain cybersecurity documentation, risk analyses, and compliance reports.
• Support certification audits, renewals, and customer-facing cybersecurity reviews.

Product Security & Verification

• Verify cybersecurity requirements through testing, documentation, and validation activities.
• Partner with engineering teams to implement secure development practices.
• Support threat modeling, vulnerability management, and security testing throughout the SDLC.
• Participate in product security reviews and provide risk mitigation recommendations.

DevSecOps & Security Operations

• Design and maintain DevSecOps pipelines with automated security testing and vulnerability scanning.
• Support secure CI/CD practices and compliance monitoring.
• Establish and maintain cybersecurity lab environments and test infrastructure.

Cross-Functional Collaboration

• Collaborate with R&D, Quality, Regulatory, IT, Operations, and Product Management teams.
• Communicate cybersecurity risks, requirements, and recommendations to technical and non-technical stakeholders.
• Participate in customer meetings, technical reviews, and occasional on-site visits.

Qualifications

Required

• Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or a related technical field.
• 5+ years of cybersecurity experience (4+ years with a Master's degree).
• Experience supporting application, product, or embedded cybersecurity in regulated industries such as medical devices, defense, or aerospace.
• Hands-on experience with DoD RMF, STIGs, SCAP tools, and POA&M management.
• Knowledge of NIST frameworks, including NIST 800-53 and NIST 800-171.
• Experience with secure software development, vulnerability management, risk assessment, and DevSecOps practices.
• Experience with Windows and Linux hardening, network security, and system compliance validation.
• Strong communication, analytical, organizational, and problem-solving skills.

Preferred

• Experience obtaining or maintaining DoD ATO certifications.
• Knowledge of FDA cybersecurity guidance and medical device security standards.
• Certifications such as CISSP, Security+, CEH, or GSEC.
• Experience with cloud security, container security, and automated testing frameworks.
• Experience working in Linux, Windows Server, virtualized environments, and network security architectures.
• Master's degree in a related technical discipline.

Additional Information

Travel: Up to 10%

Physical Requirements: Ability to sit for extended periods and lift equipment up to 20 pounds occasionally.

Work Environment: Fast-paced, collaborative environment supporting highly regulated medical technology products.

Eligible Employee Benefits

• Medical / Dental / Vision including a state-of-the-art wellness program and pet insurance, too!
• 3 weeks vacation, 11 holidays plus paid sick time
• Up to 8 weeks of 100% paid company parental leave; includes maternal/paternal leave, adoption, and fostering of a child.
• 401(k) retirement savings plan providing a match of 60% of the employee’s first 6% contribution (up to IRS limits)
• Section 125 Flexible Spending Accounts
• Life, STD, LTD & LTC Insurance
• We prepay your tuition up to $5,250 per year! - Tuition pre-reimbursement
• Fitness reimbursement of up to $200 annually
• And much more!

KARL STORZ reserves the right to change or modify the employee’s job description whether orally or in writing, at any time during the employment relationship. Additionally, KARL STORZ, through its supervisors, may require an employee to perform duties outside their normal description within the sole discretion of the supervisor. Employees must comply with all applicable KARL STORZ policies and procedures.

KARL STORZ is committed to creating an inclusive space where employees are valued for their skills and unique experiences. To achieve this goal, we are committed to diverse voices, and all applicants will receive consideration without regard to race, color, sex, national origin, disability, veteran status, or any other protected characteristic. KARL STORZ is also committed to providing reasonable accommodations during our recruitment process. Should you need assistance or accommodation please email us at taoperations@karlstorz.com.