We are seeking a proactive and detail-driven Security Engineer with a strong foundation in Java development to join our Information Security team. This role combines hands-on security operations with secure development practices to ensure the confidentiality, integrity, and availability of our systems and applications. You’ll play a key role in maintaining compliance, responding to security threats, and supporting secure application lifecycles.

REQUIREMENTS

• Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or a related field—or equivalent experience
• 3+ years in a security engineering or cybersecurity role, with proven experience in Java development
• Deep understanding of application security principles, especially in Java-based environments
• Proficiency in secure coding practices and familiarity with OWASP Top 10
• Experience with code analysis tools, such as SonarQube, Fortify, or similar
• Hands-on experience with security monitoring and vulnerability management tools
• Familiarity with security frameworks like ISO 27001, NIST, SOC 2
• Excellent problem-solving skills and strong communication abilities

PREFERRED QUALIFICATIONS

• Certifications such as OSCP, CSSLP, or CEH
• Experience with DevSecOps, CI/CD security integration, or threat modeling
• Background in cloud security (e.g., AWS security best practices)
• Experience working with platforms like Vanta, Proofpoint, and GuardDuty
  Job Type: Full-time
  Pay: $124,932.00 - $150,000.00 per year

Benefits:

• 401(k)
• 401(k) matching
• Dental insurance
• Employee assistance program
• Flexible schedule
• Flexible spending account
• Health insurance
• Health savings account
• Life insurance
• Paid time off
• Vision insurance

Compensation Package:

• Bonus opportunities

Schedule:

• 8 hour shift
• Monday to Friday

Application Question(s):

• How many years of experience do you have in Java Development?

Work Location: Hybrid remote in McLean, VA 2210

• Conduct quarterly security and compliance reviews across systems and processes.
• Manage and support external and internal audits, including evidence gathering and documentation.
• Respond to InfoSec questionnaires and security due diligence inquiries from clients and partners.
• Oversee ISO policy documentation and compliance control management, including through platforms like Vanta.
• Conduct security design reviews and secure code reviews, with a focus on Java-based applications.
• Analyze results from static code analysis and security scanning to ensure secure releases.
• Monitor and respond to AWS GuardDuty alerts and other security incident indicators.
• Stay current on the latest threats and coordinate security advisories and updates to InfoSec teams.
• Manage security tools, tune email security platforms such as Proofpoint, and renew digital certificates.
• Oversee IT device and account management, enforcing identity and access policies.
• Monitor for and resolve vulnerabilities in both infrastructure and application layers.
• Provide guidance and review of Java application security, secure coding practices, and vulnerability remediation.
• Contribute to DevSecOps practices by integrating security throughout the software development lifecycle.
• Maintain documentation and perform policy updates related to ISO 27001, SOC 2, and other frameworks.
• Complete various additional security, IT, and compliance tasks as needed.