Software Security Engineer (Java) jobs in United States

Caribou Thunder LLC · 3 weeks ago

Software Security Engineer (Java)

Caribou Thunder is a HUBZone-certified small business providing advanced technical and engineering services to the U.S. Department of War and its mission partners. The Software Security Engineer (Java) will safeguard mission-critical defense systems by securing Java-based software, performing static code analysis, and collaborating with various teams to enhance security measures.

Cyber Security · Information Technology · Software
No H1B · Security Clearance Required · U.S. Citizen Only

Responsibilities

Perform static security analysis of Java source code, identifying vulnerabilities and security weaknesses and clearly explaining findings to development teams
Use Fortify and Software Security Center (SSC) hands-on to execute scans, analyze results, validate findings, and support vulnerability remediation
Support secure software design by applying defense-in-depth principles across Java-based systems operating in classified environments
Provide technical input to RMF activities, including vulnerability evidence, control implementation details, and remediation tracking (not policy ownership)
Conduct vulnerability assessments and security reviews in alignment with DoD requirements
Apply and validate Security Technical Implementation Guides (STIGs) and configuration controls across systems and applications
Monitor systems using ACAS and other DoD-approved tools to identify security risks and compliance gaps
Participate in incident response and forensic analysis efforts as needed
Collaborate closely with: Software developers on secure coding and remediation, Systems engineers on architecture and control implementation, ISSOs and network teams on compliance and operational security
Produce clear technical documentation and briefings for both technical and non-technical stakeholders
Mentor junior engineers and contribute to continuous improvement of security practices

Qualification

Java · Static security analysis · Fortify · CompTIA Security+ · Cybersecurity engineering principles · Risk Management Framework (RMF) · ACAS · STIG implementation · C++ · Python · Analytical skills · Technical documentation

Required

U.S. Citizenship + Active Secret clearance
Proven experience performing static security analysis of Java code
Must be able to read, understand, and explain Java logic and vulnerabilities
Hands-on experience using Fortify and Software Security Center (SSC)
CompTIA Security+ (DoD 8570 IAT Level II compliant)
Ability to work on-site full time in Newport News, VA (80–90% of work performed in a secure lab)
2+ years with a Bachelor's degree in Computer Science, Information Security, or a related discipline
Strong understanding of cybersecurity engineering principles and secure software implementation
Working knowledge of: Risk Management Framework (RMF) controls and documentation; ACAS scanning, configuration, and reporting; STIG implementation and compliance enforcement; industry frameworks such as NIST, NIST 800-53, and ISO 27001
Strong analytical skills and the ability to clearly communicate technical findings

Preferred

Master's degree in Cybersecurity, Information Assurance, or related discipline
Advanced certifications (CISSP, CISM, CEH, OSCP)
Experience with additional languages such as C++ or Python in secure environments
Familiarity with cloud security, virtualized infrastructure, or zero-trust architectures
Experience supporting both active development and sustainment environments
Exposure to automated vulnerability scanning, SIEM tools, or advanced threat detection
Interest in emerging cybersecurity technologies within the defense sector

Benefits

Premium Health, Dental & Vision Insurance
401(k) with 6% Company Match
Flexible PTO & Work Schedule
Education & Certification Reimbursement
Support for Military Leave
Work–Life Balance & Traditional Family Values

Company

Caribou Thunder LLC

For the past 2 decades, Caribou Thunder has been a merit-based company driven by performance, innovation, and an unwavering commitment to advancing national security.

Funding

Current Stage
Growth Stage

Leadership Team

Tom Piffarerio, CPA, MBA
Chief Operating Officer
Rita Peterson
C.E.O. and Founder

Company data provided by Crunchbase