Secure Software Engineer

We are seeking a highly experienced Secure Software Engineer with deep expertise in application security, vulnerability assessment, and secure software development. The ideal candidate will be responsible for designing, developing, and testing secure software applications to ensure resilience against emerging cyber threats. This role requires advanced knowledge of secure coding practices, security testing tools, and regulatory compliance standards. Prior experience in the electric and/or water utility sector is strongly preferred.

Key Responsibilities:

Design and develop secure software applications with integrated security features and hardened architectures

Conduct vulnerability assessments and penetration testing of custom and third-party applications

Provide remediation support for identified vulnerabilities and work closely with development teams to integrate fixes

Collaborate with cross-functional teams (DevOps, Cloud, Infrastructure, QA, and Compliance) to ensure secure application delivery

Conduct code reviews to ensure adherence to secure coding standards (e.g., OWASP Top 10, NIST 800-53, CIS Benchmarks)

Develop and maintain documentation for secure development practices, risk mitigation steps, and security controls

Participate in incident response activities related to application and software security threats

Lead or support dependency and event management for critical applications and third-party libraries

Stay up-to-date on current and emerging threats, tools, and security technologies to inform continuous improvement

Ensure application compliance with industry standards and regulations (e.g., NERC CIP, FISMA, GDPR, CCPA)

Qualifications Required:

Minimum 7 years of professional experience in cybersecurity, software security engineering, or application security

Demonstrated experience with:

Secure software design and development

Vulnerability assessments and penetration testing

Incident response and remediation support

Dependency/event management

Proficiency with secure development lifecycle (SDL), static and dynamic code analysis tools (e.g., SonarQube, Fortify, Veracode)

Strong knowledge of at least one programming language (e.g., Java, C#, Python, JavaScript)

Familiarity with security tools such as Burp Suite, Nessus, Metasploit, or similar

Working knowledge of security compliance frameworks and best practices

Preferred:

Specialized experience in the electric and/or water utility sector

Certifications such as CISSP, CSSLP, OSCP, CEH, or GIAC GWAPT

Experience working within regulated environments (e.g., NERC CIP, HIPAA, PCI-DSS)

This is a remote position.