Senior Secure Software Engineer/Solutions Architect

Job Description

Job DescriptionWe are seeking a highly experienced Secure Software Engineer with deep expertise in application security, vulnerability assessment, and secure software development. The ideal candidate will be responsible for designing, developing, and testing secure software applications to ensure resilience against emerging cyber threats. This role requires advanced knowledge of secure coding practices, security testing tools, and regulatory compliance standards. Prior experience in the electric and/or water utility sector is strongly preferred.

Key Responsibilities:

• Design and develop secure software applications with integrated security features and hardened architectures
• Conduct vulnerability assessments and penetration testing of custom and third-party applications
• Provide remediation support for identified vulnerabilities and work closely with development teams to integrate fixes
• Collaborate with cross-functional teams (DevOps, Cloud, Infrastructure, QA, and Compliance) to ensure secure application delivery
• Conduct code reviews to ensure adherence to secure coding standards (e.g., OWASP Top 10, NIST 800-53, CIS Benchmarks)
• Develop and maintain documentation for secure development practices, risk mitigation steps, and security controls
• Participate in incident response activities related to application and software security threats
• Lead or support dependency and event management for critical applications and third-party libraries
• Stay up-to-date on current and emerging threats, tools, and security technologies to inform continuous improvement
• Ensure application compliance with industry standards and regulations (e.g., NERC CIP, FISMA, GDPR, CCPA)

Qualifications Required:

• Minimum 7 years of professional experience in cybersecurity, software security engineering, or application security
• Demonstrated experience with:
  • Secure software design and development
  • Vulnerability assessments and penetration testing
  • Incident response and remediation support
  • Dependency/event management
• Proficiency with secure development lifecycle (SDL), static and dynamic code analysis tools (e.g., SonarQube, Fortify, Veracode)
• Strong knowledge of at least one programming language (e.g., Java, C#, Python, JavaScript)
• Familiarity with security tools such as Burp Suite, Nessus, Metasploit, or similar
• Working knowledge of security compliance frameworks and best practices

Preferred:

• Specialized experience in the electric and/or water utility sector
• Certifications such as CISSP, CSSLP, OSCP, CEH, or GIAC GWAPT
• Experience working within regulated environments (e.g., NERC CIP, HIPAA, PCI-DSS)

This is a remote position.