Application Compliance & Security Lead

About The Position

Requirements

• Have a Bachelor’s degree in Computer Science, Information Technology, or similar technical majors.
• 5+ years in cybersecurity, GRC, or compliance and DevSecOps
• Have solid knowledge of the CMMC framework, NIST SP 800-171, SSDF, and/or DFARS requirements, with proven ability to translate compliance frameworks into technical security controls.
• Have software development experience in .NET, Java, Python, or similar languages with a solid grasp of the software development lifecycle.
• Have experience implementing SAST, DAST, SCA, and SBOM tools such as SonarQube, Checkmarx, Veracode, Snyk, or OWASP ZAP.
• Have experience integrating security into CI/CD pipelines using tools like GitLab CI or Azure DevOps, with strong DevSecOps and shift-left security principles.
• Can lead cross-team initiatives and influence without formal authority, with excellent communication skills for both technical and non-technical audiences.
• Are able to obtain a Secret level security clearance. If selected, you will be subject to a government security clearance investigation and must meet the requirements for access to classified information. Eligibility requirements include U.S. citizenship.

Nice To Haves

• Have DoD or federal contractor experience with active compliance programs.
• Have led technical teams in development or security roles.
• Hold certifications such as CSSLP, CISSP, Security+, CMMC CCP/RP, CEH, or GIAC.
• Have cloud security experience with AWS, Azure, or GCP.

Responsibilities

• Driving CMMC compliance strategy across our application portfolio, translating sophisticated requirements into actionable security controls that development teams can understand and implement.
• Serving as the go-to resource for application teams on security and compliance matters, providing practical guidance on secure development practices and helping teams navigate CMMC, NIST 800-171, SSDF, and DFARS requirements.
• Implementing and maintaining application security tooling including SAST, DAST, SBOM vulnerability analysis, container scanning, and dependency management, integrating these tools into CI/CD pipelines and DevSecOps workflows.
• Guiding service and project managers through compliance requirements with concrete, SDLC-relevant examples, evaluating data security needs and establishing realistic security boundaries.
• Integrating security reviews into agile sprints, remove process bottlenecks by collaborating with GRC and InfoSec teams, and maintain compliance documentation for application security controls.
• Training and mentoring developers on secure coding standards, conduct security assessments to identify vulnerabilities

Benefits

• We offer a vibrant, welcoming atmosphere where you can bring your authentic self to work, continue to grow, and build strong connections with inspiring teammates.
• Our employees enjoy generous benefits, including a robust education assistance program, unparalleled retirement contributions, and a healthy work/life balance.