Application Security Engineer III

NV - Sparks (Prater)

Sierra Nevada Corporation

Sierra Nevada Corporation (SNC) is a trusted leader in innovative, advanced technology solutions and open architecture integrations in aerospace and national security.

As an Application Security Engineer at SNC, you will be a critical member of our Cybersecurity Architecture and Engineering team, tasked with designing and implementing security controls to protect applications across SNC. Your responsibilities will center around integrating security into the architecture of cloud-native and on-premise applications as well as containerized environments. You will drive the secure software development lifecycle by conducting SAST/DAST testing and code reviews and by ensuring robust API security. You will also lead efforts in risk management and ensure alignment with industry compliance frameworks. By automating security testing and fostering secure coding practices, you will enhance the security posture of business-critical applications across the enterprise.

As SNC's corporate team, we provide the company and its business areas with strategic direction and business support spanning executive management, finance and accounting, operations, human resources, legal, IT, information security, facilities, marketing, and communications.

Responsibilities:

  • Design and implement security controls, ensuring application security by design.
  • Conduct security architecture and configuration reviews for both on-prem and cloud applications.
  • Implement and automate SAST/DAST and integrate security tools into CI/CD pipelines to enforce security policies.
  • Oversee container security for applications using Docker, Kubernetes, etc., ensuring secure configurations and deployments.
  • Ensure robust API security, covering authentication, authorization, encryption, and other security measures.
  • Collaborate with IT and DevOps teams to embed security through the software development lifecycle (SDLC).
  • Conduct vulnerability management and remediation, mitigate identified risks, and ensure timely patching.
  • Ensure compliance with industry security frameworks (e.g., NIST 800-53, CMMC, Zero Trust), contractual requirements, and corporate policies.
  • Lead security risk assessments and provide recommendations to improve application security posture.
  • Drive the adoption of security best practices by providing guidance and mentorship to development teams on secure coding and application architecture.

Must Haves:

  • Bachelor's degree in Cybersecurity, Network Engineering, Information Technology, or related Engineering discipline and typically 6 or more years of relevant experience
  • Relevant experience may be considered in lieu of required education
  • Experience securing applications in cloud environments, Azure preferred
  • Experience securing containerized environments, and experience with orchestration technologies, especially AKS.
  • Knowledge and understanding of API security best practices and OWASP top 10.
  • Ability to collaborate across teams to enforce security policies and drive secure development practices.
  • Familiarity with compliance frameworks, especially NIST 800-53 and 800-171.
  • Strong communication skills, both verbal and written, to effectively engage stakeholders across multiple teams.
  • The ability to obtain and maintain a Secret U.S. Security Clearance is required

Preferred:

  • Advanced degree in Cybersecurity or related fields.
  • Background in the Aerospace and Defense Industry, the US Department of Defense (Civilian), the US Intelligence Community, NASA/Civil or commercial space and/or US Military, with an understanding of defense, aerospace, intelligence, and adjacent markets
  • Professional cybersecurity certifications such as CASE, GWEB, CISSP, or other recognized certifications
  • Experience implementing and leveraging cyber frameworks and standards, such as NIST (National Institute of Standards and Technology) 800-171 and 800-53, Cybersecurity Maturity Model Certification (CMMC), MITRE ATT&CK, Zero Trust Architecture, DFARS, and industry best practices.
  • Background in securing enterprise applications in medium to large-scale corporate environments.
  • Knowledge of IaC security and cloud automation tools.

Estimated Starting Salary 95,298.10 - 131,034.89 USD Annually

#Ll-hybrid

SNC offers a generous benefit package, including medical, dental, and vision plans, 401(k) with 150% match up to 6%, life insurance, 3 weeks paid time off, tuition reimbursement, and more.

IMPORTANT NOTICE:

This position requires the ability to obtain and maintain a Secret U.S. Security Clearance. U.S. Citizenship status is required as this position needs an active U.S. Security Clearance for employment. Non-U.S. citizens may not be eligible to obtain a security clearance. The Department of Defense Consolidated Adjudications Facility (DoD CAF), a federal government agency, handles the adjudicative aspects of the security clearance eligibility process for industry applicants. Adjudicative factors which affect the outcome of the eligibility determination include, but are not limited to, allegiance to the U.S., foreign influence, foreign preference, criminal conduct, security violations and illegal drug use.

SNC is a global leader in aerospace and national security committed to moving the American Dream forward. We’re known and respected for our mission and execution focus, agility, and disruptive and rapid innovation. We provide leading edge technologies and transformative solutions that support our nation’s most critical security needs. If you are mission-focused, thrive in collaborative environments, and want to make our country stronger with state-of-the-art technologies that safeguard freedom, join our team!

As an Equal Opportunity Employer, we welcome our employees to bring their whole selves to their work. SNC is committed to fostering an inclusive, accepting, and diverse environment free of discrimination. Employment decisions are made without regard to race, color, age, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran or other characteristics protected by law. Contributions to SNC come in many shapes and styles, and we believe diversity in our workforce fosters new and greater ways to dream, innovate, and inspire.

Tags: APIs Application security Automation Azure CI/CD CISSP Clearance Cloud CMMC Compliance DAST DevOps DFARS Docker DoD Encryption Finance Government agency Kubernetes MITRE ATT&CK NIST NIST 800-53 OWASP Risk assessment Risk management SAST SDLC Security Clearance Vulnerability management Zero Trust

Perks/benefits: 401(k) matching Career development Health care Insurance

Region: North America
Country: United States
