Cybersecurity Code Test Engineer

About The Position

Requirements

• Bachelor’s degree in computer science, Cybersecurity, Computer Engineering, or an equivalent technical field (Master's preferred). Equivalent practical experience is highly valued.
• Minimum of 4–6 years of dedicated experience in software engineering, application security, and embedded firmware vulnerability assessment.
• Demonstrated capacity analyzing hardware formats, embedded operating systems (RTOS/Embedded Linux), memory corruption boundaries (buffer overflows, race conditions), and hardware security architectures (TPM, Secure Boot).
• Strong capabilities writing and debugging scripts in Python, C/C++, Rust, Go, or Bash to customize automated tooling wrappers.
• Deep familiarity or direct operational proficiency with common, example ecosystems such as the following: CI/CD Platforms: GitHub Actions, GitLab CI/CD, Jenkins, Azure DevOps; SAST & DAST Solutions: Veracode, Checkmarx, SonarQube, Burp Suite Professional/Enterprise, OWASP ZAP; SCA & SBOM Operations: Snyk, Black Duck, Dependabot, CycloneDX CLI, Syft / Grype; Firmware & Embedded Analysis: Ghidra, IDA Pro, Binwalk, Radare2, JTAG/UART hardware debugging interfaces; AI-Assisted Security & Fuzzing: GitHub Copilot for Security, AFL++ (American Fuzzy Lop), LibFuzzer, Custom LLM-assisted code review agents.

Nice To Haves

• Master's degree
• CSSLP (Certified Secure Software Lifecycle Professional)
• GSSP-C/GSSP-Java
• CEH
• Advanced hardware security credentials (OSCP, OSCE)

Responsibilities

• Operationalize and validate engineering practices against NIST SP 800-218 to ensure product resilience, supply chain integrity, and regulatory compliance.
• Participate in threat modeling early in the product lifecycle to establish security test plans.
• Architect and maintain automated security gates within CI/CD engines, with auto-failing builds on high-risk vulnerabilities while preserving developer velocity.
• Implement SAST policies across compiled code, microservices, and firmware binaries to catch logic flaws and unsafe memory operations.
• Design DAST frameworks to probe runtime applications, APIs, and microservices for structural, access control, and routing vulnerabilities.
• Deploy SCA tooling to track open-source licenses, manage technical debt, and surface vulnerabilities in third-party packages.
• Generate and audit SBOM artifacts in machine-readable formats (CycloneDX, SPDX) for compliance and stakeholder reporting.
• Standardize repository layouts, cryptographic signing, and branch protections.
• Deploy continuous monitoring to detect accidental secret leakage, API tokens, and embedded credentials.
• Apply AI/ML to enhance test generation, auto-triage SAST false positives, and identify anomalous behavior.
• Leverage AI-assisted fuzzing platforms to probe firmware interfaces and network stacks for unknown vulnerabilities.

Benefits

• Medical
• Dental
• Vision
• 401(k)
• Paid time off
• Stock options