Application Security Engineer

SciTec•Boulder, CO

17h•$96,000 - $146,000

About The Position

SciTec is a dynamic small business, with the mission to deliver advanced sensor data processing technologies and scientific instrumentation capabilities in support of National Security and Defense, and we are growing our creative team! We support customers throughout the Department of Defense and U.S. Government in building innovative new tools to deliver unique world-class data exploitation capabilities. Important Notice: SciTec exclusively works on U.S. government contracts that require U.S. citizenship for all employees. Applicants that do not meet this requirement will not be considered. SciTec has an immediate opportunity for a talented engineer to support our programs delivering Next-Generation Missile Warning software. This is a unique opportunity to join a small business delivering core capabilities for National defense. You will work within a fast-paced team delivering end-to-end software processing of Overhead Persistent InfraRed (OPIR) sensor data for Missile Warning, Missile Defense, Battlespace Awareness, and Technical Intelligence. We are seeking an Application Security Engineer to help secure mission-critical software systems by identifying, analyzing, and mitigating application-level vulnerabilities. This role focuses on hands-on security analysis, tooling integration, and working directly with software engineers to embed security into the development lifecycle. The ideal candidate combines strong technical security skills with the ability to collaborate effectively with developers in a DevSecOps environment.

Requirements

Bachelor’s degree plus 2+ years of professional experience in cybersecurity or software development, or equivalent experience
2+ years of experience focused on application/software security
Experience analyzing source code for security flaws
Familiarity with secure software development practices
Strong analytical, problem-solving, and communication skills
Detail-oriented with strong written and verbal communication abilities
Ability to qualify for and maintain a DoD or DoE Secret security clearance
Ability to meet DoD 8140.01 Cyberspace Workforce Management requirements within six months of hire
Good verbal and written communication skills
Attention to detail

Nice To Haves

Active DoD Secret clearance or higher
Experience identifying, exploiting, and remediating application vulnerabilities
Credit for published CVEs is a strong plus
Proficiency in one or more programming languages such as C++, Python, JavaScript, Rust
Experience configuring and operating static analysis tools (e.g., Coverity, Klocwork, SonarQube)
Experience configuring and operating software composition analysis tools (e.g., Snyk, Sonatype, Anchore, JFrog Xray)
Experience with fuzzing frameworks (AFL, AFL++, honggfuzz, or similar)
Experience with debugging, runtime instrumentation, or reverse engineering, including tools such as:
strace
eBPF
Ghidra or IDA Pro
Familiarity with threat modeling methodologies and frameworks such as MITRE ATT&CK
Experience working in DevSecOps or Agile development environments

Responsibilities

Perform application security analysis using both automated and manual techniques, including:
Static code analysis (SAST)
Software composition analysis (SCA)
Fuzzing
Manual code and design reviews
Identify, analyze, and help remediate application vulnerabilities
Support software engineers in integrating security considerations into system and application designs
Integrate and maintain application security tooling within CI/CD and DevSecOps pipelines
Design, implement, and improve continuous integration security analysis tooling
Tune and maintain security tools to reduce false positives and improve signal quality
Assist development teams in understanding findings and implementing effective fixes
Support threat modeling and secure design reviews
Stay current with emerging vulnerabilities, attack techniques, and mitigation strategies
Document findings, recommendations, and best practices
Perform other duties as assigned