Staff/Sr. Staff Application Security Engineer
$96,000–$146,000 per year
On-site · Princeton, New Jersey, United States or Boulder, Colorado, United States
Job Summary
Staff/Sr. Staff Application Security Engineer to secure mission-critical software systems by identifying, analyzing, and mitigating application-level vulnerabilities in DoD/DoE contexts. Responsibilities include performing SAST and SCA, fuzzing, manual code and design reviews, integrating security tooling into CI/CD and DevSecOps pipelines, threat modeling, secure design reviews, staying current on vulnerabilities, and communicating findings and best practices. Requires collaboration with software engineers, DevSecOps experience, and ability to obtain/maintain a DoD/DoE Secret clearance. Location-based roles in Boulder, CO and Princeton, NJ; salary $96k-$146k; benefits package includes comprehensive health, retirement, and leave benefits.
Required Qualifications
- Bachelor’s degree
- 2+ years of professional experience in cybersecurity or software development
- 2+ years of experience focused on application/software security
- Experience analyzing source code for security flaws
- Familiarity with secure software development practices
- Ability to qualify for and maintain a DoD or DoE Secret security clearance
- Meet DoD 8140.01 Cyberspace Workforce Management requirements within six months of hire
- Strong communication skills
- Detail-oriented with strong written and verbal communication abilities
- Active DoD Secret clearance or higher (preferred)
- Experience with programming languages such as C++, Python, JavaScript, Rust (preferred)
- Experience configuring and operating static analysis tools (e.g., Coverity, Klocwork, SonarQube) (preferred)
- Experience configuring and operating software composition analysis tools (e.g., Snyk, Sonatype, Anchore, JFrog Xray) (preferred)
- Experience with fuzzing frameworks (AFL, AFL++, honggfuzz, or similar) (preferred)
- Experience with debugging/runtime instrumentation/reverse engineering tools (strace, eBPF, Ghidra, IDA Pro) (preferred)
- Familiarity with threat modeling methodologies (MITRE ATT&CK)
- Experience in DevSecOps or Agile environments
- Security-focused mindset with ability to embed security into development lifecycle
- Excellent written and verbal communication
Additional Requirements
- U.S. citizenship required for employment per posting