Title: Security Software Engineer

EOE Statement: Eccalon provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

EEO is the law.
 
Category: Software Engineer
Description

Job Description

We are seeking a Security Software Engineer to build and harden software systems supporting DoD programs operating under CMMC/NIST 800-171/FedRAMP compliance requirements. You will embed security across the SDLC—from design and code review through CI/CD and cloud deployment—working alongside engineering, DevSecOps, and IT teams in a regulated, cloud-native environment (AWS Commercial and GovCloud, Azure GCC High).

Responsibilities

  • Core Engineering & Secure Development
    • Design and develop secure software with a security-first mindset baked into every phase of the SDLC.
    • Apply secure coding standards, threat modeling, and vulnerability mitigation aligned to NIST 800-53 and CMMC Level 2/3 controls.
    • Conduct architecture reviews and code hardening to address OWASP Top 10 and DoD STIGs.
    • Automate security gates in CI/CD pipelines (SAST, DAST, dependency scanning, secrets detection).
  • Security Architecture & Controls
    • Design secure system and API architectures for multi-tenant cloud environments, including GCC High and FedRAMP-authorized platforms.
    • Implement IAM controls, JIT provisioning, SSO/SAML/OIDC flows, and least-privilege authorization frameworks (e.g., Cognito, Azure AD).
    • Instrument applications with security logging and monitoring that satisfies audit and continuous monitoring requirements (AU/SI control families).
  • Vulnerability Management & Response
    • Lead code reviews, SAST/DAST scans, and targeted penetration testing; document findings against control frameworks.
    • Triage and remediate vulnerabilities within POA&M timelines; maintain artifact evidence for compliance assessments.
    • Support incident response for application-layer events; contribute to after-action reports and corrective action plans.
  • Cross-functional Collaboration
    • Serve as the embedded security champion for engineering squads, raising the security bar through mentorship and code review culture.
    • Develop and deliver security training and runbooks tailored to engineering and DevOps team members.
    • Collaborate with DevOps/SRE to enforce secure IaC, WAF rules, network controls, and runtime monitoring across AWS and Azure environments.

Required Qualifications

  • Bachelor’s degree in Computer Science, Engineering, or related field—or equivalent experience.
  • 3+ years of software engineering experience with a strong focus on security.
  • Proficiency in one or more programming languages (e.g., JavaScript/TypeScript, Python, Go, C#).
  • Experience with secure coding practices and frameworks.
  • Strong understanding of application security principles, including:
    • OWASP Top 10
    • Secure API/REST design
    • Cryptography fundamentals
    • Authentication/authorization patterns
  • Experience with code scanning tools (SAST/DAST), threat modeling, and penetration testing.
  • Familiarity with NIST 800-171, CMMC, or FedRAMP security control requirements and evidence collection.
  • Hands-on experience with AWS and/or Azure security services (IAM, WAF, Security Hub, Defender, Sentinel); GCC High or GovCloud experience a plus.

Preferred Qualifications

  • Experience with container security (Docker, ECS).
  • Working knowledge of Zero Trust Architecture principles.
  • Experience building DevSecOps pipelines in regulated environments; familiarity with tools like Prisma, Checkov, Snyk, or Aqua.
  • Relevant certifications (any of the following):
    • CISSP, CSSLP, or CASP+
    • OSCP
    • CEH
    • GIAC (GWAPT, GSEC, GWEB) or CCP/CCA (UK Cyber Essentials equivalent)
  • Experience securing microservices or event-driven architectures on ECS; background in federal or cleared environments preferred.

 

 

 
Full-Time/Part-Time: Full-Time
Exempt/Non-Exempt: Exempt
About the Organization: Eccalon provides global solutions to the most challenging technological issues of the 21st century, and our evolving portfolio spans five major markets: Machine Learning, Cybersecurity, Aerospace & Defense, Material Sciences, Advanced Manufacturing, Sports Science, Biotechnology, and Health & Life Sciences.


Why Join Us?


Eccalon's executives foster a supportive work environment that allows our teams to thrive, and they have a fierce dedication to innovation, security, and people. Our culture is built on inclusion, teamwork, and trust, and we are committed to offering career advancement opportunities to all employees. Encouraging a healthy and balanced life, we offer an extensive benefits package to support the wellness of our employees and their families. You will be joining a team of innovators, working with cutting-edge technologies, supporting mission-critical projects, and making an impact.


Apply today to advance your career!
 

This position is currently not accepting applications.

To search for an open position, please go to http://EccalonLLC.appone.com


