
Security Software Engineer (Hanover)

Eccalon, LLC

Hanover | Full-time | Mid Level | On-site

Job Description

***This is NOT a remote position***

We are seeking a Security Software Engineer to build and harden software systems supporting DoD programs operating under CMMC/NIST 800-171/FedRAMP compliance requirements. You will embed security across the SDLC, from design and code review through CI/CD and cloud deployment, working alongside engineering, DevSecOps, and IT teams in a regulated, cloud-native environment (AWS Commercial and GovCloud, Azure GCC High).

Responsibilities

Core Engineering & Secure Development
- Design and develop secure software with a security-first mindset baked into every phase of the SDLC.
- Apply secure coding standards, threat modeling, and vulnerability mitigation aligned to NIST 800-53 and CMMC Level 2/3 controls.
- Conduct architecture reviews and code hardening to address OWASP Top 10 and DoD STIGs.
- Automate security gates in CI/CD pipelines (SAST, DAST, dependency scanning, secrets detection).

Security Architecture & Controls
- Design secure system and API architectures for multi-tenant cloud environments, including GCC High and FedRAMP-authorized platforms.
- Implement IAM controls, JIT provisioning, SSO/SAML/OIDC flows, and least-privilege authorization frameworks (e.g., Cognito, Azure AD).
- Instrument applications with security logging and monitoring that satisfy audit and continuous monitoring requirements (AU/SI control families).

Vulnerability Management & Response
- Lead code reviews, SAST/DAST scans, and targeted penetration testing; document findings against control frameworks.
- Triage and remediate vulnerabilities within POA&M timelines; maintain artifact evidence for compliance assessments.
- Support incident response for application-layer events; contribute to after-action reports and corrective action plans.

Cross-functional Collaboration
- Serve as the embedded security champion for engineering squads, raising the security bar through mentorship and a code review culture.
- Develop and deliver security training and runbooks tailored to engineering and DevOps team members.
- Collaborate with DevOps/SRE to enforce secure IaC, WAF rules, network controls, and runtime monitoring across AWS and Azure environments.

Required Qualifications
- Bachelor's degree in Computer Science, Engineering, or a related field, or equivalent experience.
- 3+ years of software engineering experience with a strong focus on security.
- Proficiency in one or more programming languages (e.g., JavaScript/TypeScript, Python, Go, C#).
- Experience with secure coding practices and frameworks.
- Strong understanding of application security principles, including:
  - OWASP Top 10
  - Secure API/REST design
  - Cryptography fundamentals
  - Authentication/authorization patterns
- Experience with code scanning tools (SAST/DAST), threat modeling, and penetration testing.
- Familiarity with NIST 800-171, CMMC, or FedRAMP security control requirements and evidence collection.
- Hands-on experience with AWS and/or Azure security services (IAM, WAF, Security Hub, Defender, Sentinel); GCC High or GovCloud experience a plus.

Preferred Qualifications
- Experience with container security (Docker, ECS).
- Working knowledge of Zero Trust Architecture principles.
- Experience building DevSecOps pipelines in regulated environments; familiarity with tools like Prisma, Checkov, Snyk, or Aqua.
- Relevant certifications (any of the following): CISSP, CSSLP, or CASP+; OSCP; CEH; GIAC (GWAPT, GSEC, GWEB); or CCP/CCA (UK Cyber Essentials equivalent).
- Experience securing microservices or event-driven architectures on ECS; background in federal or cleared environments preferred.
