Software Security Engineer

Raft, McLean, VA
1d · Hybrid

About The Position

Raft is seeking a Software Security Engineer to join our team! In this role, you will be the technical authority for software security across the program, ensuring that all systems meet the rigorous security standards required for DoD personnel vetting and adjudication platforms. You will embed security practices into every phase of the software development lifecycle and serve as a trusted advisor to program leadership and Government stakeholders.

Requirements

  • CISSP certification required
  • 10+ years of experience in software security, including application security, vulnerability management, and secure SDLC practices
  • Strong knowledge of NIST SP 800-53, RMF, and DoD security frameworks applicable to IL4/IL5 systems
  • Hands-on experience with SAST/DAST tools (e.g., Fortify, Checkmarx, Veracode, OWASP ZAP) and interpreting results for development teams
  • Must possess certifications IAW DoD Directive 8140.01 (Cyberspace Workforce Management) and DoD 8570.01-M (Information Assurance Workforce Improvement Program)
  • Active Top Secret clearance with SCI eligibility

Nice To Haves

  • Additional certifications such as CSSLP, CEH, GPEN, or equivalent offensive/defensive security credentials
  • Experience supporting ATO processes for DoD enterprise systems
  • Familiarity with Zero Trust Architecture, DevSecOps pipelines, and container security (Kubernetes, Docker)
  • Experience with DoD identity management, PKI, and access control systems

Responsibilities

  • Lead the design, implementation, and continuous improvement of software security practices across the SDLC, from requirements through deployment and operations
  • Conduct threat modeling, security architecture reviews, and code security assessments to identify and remediate vulnerabilities before they reach production
  • Oversee static analysis (SAST), dynamic analysis (DAST), and software composition analysis (SCA) tooling integration within CI/CD pipelines
  • Support the RMF Authorization to Operate (ATO) process, including development of SSPs, POA&Ms, and security control documentation
  • Serve as the primary liaison with the Government's Information System Security Manager (ISSM) and Authorizing Official (AO) on all security matters
  • Lead penetration testing planning, remediation tracking, and security incident response activities
  • Mentor development and DevSecOps teams on secure coding standards, vulnerability management, and security-by-design principles

Benefits

  • Highly competitive salary
  • Fully covered healthcare, dental, and vision coverage
  • 401(k) and company match
  • Take-as-you-need PTO + 11 paid holidays
  • Education & training benefits
  • Generous Referral Bonuses

What This Job Offers

  • Job Type: Full-time
  • Career Level: Mid Level
  • Education Level: No Education Listed
  • Number of Employees: 101-250 employees
