Application Security Engineer III

About The Position

Requirements

• Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or a related technical field.
• 5+ years of cybersecurity experience (4+ years with a Master's degree).
• Experience supporting application, product, or embedded cybersecurity in regulated industries such as medical devices, defense, or aerospace.
• Hands-on experience with DoD RMF, STIGs, SCAP tools, and POA&M management.
• Knowledge of NIST frameworks, including NIST 800-53 and NIST 800-171.
• Experience with secure software development, vulnerability management, risk assessment, and DevSecOps practices.
• Experience with Windows and Linux hardening, network security, and system compliance validation.
• Strong communication, analytical, organizational, and problem-solving skills.

Nice To Haves

• Experience obtaining or maintaining DoD ATO certifications.
• Knowledge of FDA cybersecurity guidance and medical device security standards.
• Certifications such as CISSP, Security+, CEH, or GSEC.
• Experience with cloud security, container security, and automated testing frameworks.
• Experience working in Linux, Windows Server, virtualized environments, and network security architectures.
• Master's degree in a related technical discipline.

Responsibilities

• Lead and maintain DoD Authorization to Operate (ATO) certifications.
• Serve as the primary cybersecurity contact for DoD-related projects.
• Manage RMF compliance activities, including STIG and SCAP scanning, POA&M management, and risk mitigation planning.
• Author and maintain cybersecurity documentation, risk analyses, and compliance reports.
• Support certification audits, renewals, and customer-facing cybersecurity reviews.
• Verify cybersecurity requirements through testing, documentation, and validation activities.
• Partner with engineering teams to implement secure development practices.
• Support threat modeling, vulnerability management, and security testing throughout the SDLC.
• Participate in product security reviews and provide risk mitigation recommendations.
• Design and maintain DevSecOps pipelines with automated security testing and vulnerability scanning.
• Support secure CI/CD practices and compliance monitoring.
• Establish and maintain cybersecurity lab environments and test infrastructure.
• Collaborate with R&D, Quality, Regulatory, IT, Operations, and Product Management teams.
• Communicate cybersecurity risks, requirements, and recommendations to technical and non-technical stakeholders.
• Participate in customer meetings, technical reviews, and occasional on-site visits.