Posted 2w ago

Staff/Sr. Staff Application Security Engineer

@ SciTec
Boulder, Colorado, United States
$96k-$146k/yr | Onsite | Full Time
Responsibilities: performing analysis, identifying vulnerabilities, integrating tooling
Requirements Summary: Bachelor’s degree + 2+ years in cybersecurity or software development; 2+ years in application security; ability to obtain DoD/DoE Secret clearance; strong communication and problem-solving; DoD 8140.01 readiness.
Technical Tools Mentioned: SAST tools, SCA tools, Fuzzing tools, Static analysis tools, Code review tools, CI/CD security tooling, Ghidra, IDA Pro, strace, eBPF, Coverity, Klocwork, SonarQube, Snyk, Sonatype, Anchore, JFrog Xray
Job Description

SciTec, a wholly owned subsidiary of Firefly Aerospace, is a dynamic non-traditional defense contractor that delivers advanced technologies in support of U.S. National Security and Defense. For the past forty-five plus years, we have supported Department of Defense customers by developing innovative remote sensing algorithms, tools, and techniques to deliver world-class data exploitation capabilities supporting missile defense; intelligence, surveillance, & reconnaissance; space domain awareness; and aircraft survivability missions.

Important Notice: SciTec exclusively works on U.S. government contracts that require U.S. citizenship for all employees. Applicants that do not meet this requirement will not be considered.

SciTec has an immediate opportunity for a talented engineer to support our programs delivering Next-Generation Missile Warning software. This is a unique opportunity to join a business delivering core capabilities for National defense. You will work within a fast-paced team delivering end-to-end software processing of Overhead Persistent InfraRed (OPIR) sensor data for Missile Warning, Missile Defense, Battlespace Awareness, and Technical Intelligence.

We are seeking an Application Security Engineer to help secure mission-critical software systems by identifying, analyzing, and mitigating application-level vulnerabilities. This role focuses on hands-on security analysis, tooling integration, and working directly with software engineers to embed security into the development lifecycle.

The ideal candidate combines strong technical security skills with the ability to collaborate effectively with developers in a DevSecOps environment.

Responsibilities

  • Perform application security analysis using both automated and manual techniques, including:
    • Static code analysis (SAST)
    • Software composition analysis (SCA)
    • Fuzzing
    • Manual code and design reviews
  • Identify, analyze, and help remediate application vulnerabilities
  • Support software engineers in integrating security considerations into system and application designs
  • Integrate and maintain application security tooling within CI/CD and DevSecOps pipelines
  • Design, implement, and improve continuous integration security analysis tooling
  • Tune and maintain security tools to reduce false positives and improve signal quality
  • Assist development teams in understanding findings and implementing effective fixes
  • Support threat modeling and secure design reviews
  • Stay current with emerging vulnerabilities, attack techniques, and mitigation strategies
  • Document findings, recommendations, and best practices
  • Perform other duties as assigned