Staff/Sr. Staff Application Security Engineer

SciTec, Inc.
Princeton, United States of America
1 month ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior
Compensation
$ 146K

Job location

Princeton, United States of America

Tech stack

JavaScript
Agile Methodologies
Artificial Intelligence
C++
Static Program Analysis
System Configuration
Continuous Integration
Software Debugging
Fuzz Testing
Python
Reverse Engineering
Software Engineering
SonarQube
Systems Integration
Rust
Sonatype
Software Security
Mitre Att&ck
IDA Pro
Devsecops
Static Application Security Testing
Programming Languages

Job description

SciTec, a wholly owned subsidiary of Firefly Aerospace, is a dynamic non-traditional defense contractor that delivers advanced technologies in support of U.S. National Security and Defense. For the past forty-five plus years, we have supported Department of Defense customers by developing innovative remote sensing algorithms, tools, and techniques to deliver world-class data exploitation capabilities supporting missile defense; intelligence, surveillance, & reconnaissance; space domain awareness; and aircraft survivability missions., SciTec has an immediate opportunity for a talented engineer to support our programs delivering Next-Generation Missile Warning software. This is a unique opportunity to join a business delivering core capabilities for National defense. You will work within a fast-paced team delivering end-to-end software processing of Overhead Persistent InfraRed (OPIR) sensor data for Missile Warning, Missile Defense, Battlespace Awareness, and Technical Intelligence., * Perform application security analysis using both automated and manual techniques, including:

  • Static code analysis (SAST)
  • Software composition analysis (SCA)
  • Fuzzing
  • Manual code and design reviews

Identify, analyze, and help remediate application vulnerabilities

Support software engineers in integrating security considerations into system and application designs

Integrate and maintain application security tooling within CI/CD and DevSecOps pipelines

Design, implement, and improve continuous integration security analysis tooling

Tune and maintain security tools to reduce false positives and improve signal quality

Assist development teams in understanding findings and implementing effective fixes

Support threat modeling and secure design reviews

Stay current with emerging vulnerabilities, attack techniques, and mitigation strategies

Document findings, recommendations, and best practices

Perform other duties as assigned

Requirements

The ideal candidate combines strong technical security skills with the ability to collaborate effectively with developers in a DevSecOps environment., * Bachelor's degree plus 2+ years of professional experience in cybersecurity or software development, or equivalent experience

  • 2+ years of experience focused on application/software security
  • Experience analyzing source code for security flaws
  • Familiarity with secure software development practices
  • Strong analytical, problem-solving, and communication skills
  • Detail-oriented with strong written and verbal communication abilities
  • Ability to qualify for and maintain a DoD or DoE Secret security clearance
  • Ability to meet DoD 8140.01 Cyberspace Workforce Management requirements within six months of hire
  • Good verbal and written communication skills
  • Attention to detail

Candidates who have any of the following skills will be preferred:

  • Active DoD Secret clearance or higher

  • Experience identifying, exploiting, and remediating application vulnerabilities

  • Credit for published CVEs is a strong plus

Proficiency in one or more programming languages such as C++, Python, JavaScript, Rust

Experience configuring and operating static analysis tools (e.g., Coverity, Klocwork, SonarQube)

Experience configuring and operating software composition analysis tools (e.g., Snyk, Sonatype, Anchore, JFrog Xray)

Experience with fuzzing frameworks (AFL, AFL++, honggfuzz, or similar)

Experience with debugging, runtime instrumentation, or reverse engineering, including tools such as:

  • strace
  • eBPF
  • Ghidra or IDA Pro

Familiarity with threat modeling methodologies and frameworks such as MITRE ATT&CK

Experience working in DevSecOps or Agile development environments

*Resumes, Cover Letters, and Applications which are generated by AI will not be considered for employment.

Benefits & conditions

SciTec offers a highly competitive salary and benefits package, including:

  • 4% Safe Harbor 401(k) match
  • 100% company paid HSA Medical insurance, with a choice of 2 buy-up options
  • 80% company paid Dental insurance
  • 100% company paid Vision insurance
  • 100% company paid Life insurance
  • 100% company paid Long-term Disability insurance
  • 100% company paid Hospital Indemnity insurance
  • Voluntary Accident and Critical Illness insurance
  • Short-term Disability insurance
  • Annual Profit-Sharing Plan
  • Discretionary Performance Bonus
  • Paid Parental Leave
  • Generous Paid Time Off, including Holiday, Vacation, and Sick Pay
  • Flexible Work Hours

The pay range for this position is $96,000 - $146,000 / year. SciTec considers several factors when extending an offer of employment, including but not limited to the role and associated responsibilities, a candidate's work experience, education/training, and key skills. This is not a guarantee of compensation.

SciTec is proud to be an Equal Opportunity employer. VET/Disabled.

Apply for this position