Software Security Engineer Jobs

MTSI is currently seeing to hire a Software Security Enginee r to join MTSI supporting our infrastructure Information Technology team.

This role is 100% remote, requires an active Secret Clearance with the ability obtain a Top Secret and US citizenship.

As a Software Security Engineer, you will help embed security into the Software Development Lifecycle (SDLC) for the AIME Development Platform and the software built on it. Working with software engineers, architects, DevSecOps, cloud, and cybersecurity stakeholders, you will define security requirements, perform design reviews and threat modeling, guide secure coding and testing practices, and help teams deliver AI/ML, Modeling & Simulation (M&S), and other mission software more securely.

Your focus will be software security within the SDLC, including support for compliance with NIST SP 800-171, the Secure Software Development Framework (SSDF, NIST SP 800-218), and related DoD and customer requirements. Rather than owning the full DevSecOps toolchain, you will partner with platform and DevSecOps teams to ensure security controls, evidence, and approval gates are appropriately integrated into the SDLC.

How you will contribute to our National Security and Defense mission:

As a Software Security Engineer, you will help embed security into the Software Development Lifecycle (SDLC) for the MTSI Development Platform and the software and solutions developed on it. You will work across software, DevSecOps, cloud, and cybersecurity teams to make security a built-in part of planning, design, development, testing, and release for AI/ML, Modeling & Simulation (M&S), and other mission software.

You will focus on secure-by-design software delivery, applying security requirements early, guiding secure development practices, and helping teams generate the evidence needed to support audits and accreditation activities. This role emphasizes software security leadership within the SDLC, including alignment to NIST SP 800-171, the Secure Software Development Framework (SSDF, NIST SP 800-218), and DoD Enterprise DevSecOps reference designs and software factory patterns.

You'll be a great fit for this role if you:

• Are passionate about building security into software and delivery workflows from the start, not adding it at the end
• Can translate security and compliance requirements into practical guidance for developers, architects, and program stakeholders
• Understand how security fits across the SDLC and can work effectively with DevSecOps and platform teams without needing to own every pipeline component
• Communicate clearly with software, cloud, cybersecurity, compliance, and leadership stakeholders
• Can balance mission delivery, developer experience, and risk reduction in a fast-moving environment
• Are self-driven, collaborative, and committed to continuous improvement of software security practices

Job Responsibilities:

Your essential job functions will include but may not be limited to:

• Partner with software engineers, architects, DevSecOps engineers, and cybersecurity SMEs to embed security requirements and secure practices throughout the SDLC.
• Define and refine software security requirements, control objectives, and secure development guardrails aligned to NIST SP 800-171, SSDF, RMF/CMMC, and customer requirements, as applicable.
• Conduct threat modeling, security design reviews, and risk assessments for applications, services, APIs, and supporting development workflows.
• Guide engineering teams on secure coding, code review, secrets management, dependency management, open source risk, and remediation of security findings.
• Partner with platform and DevSecOps teams to integrate and tune security checks within SDLC workflows, such as SAST, SCA, secrets detection, IaC scanning, container scanning, and policy gates where appropriate.
• Help map technical implementations and security evidence to compliance and accreditation needs, including support for audit, ATO, and cATO-related activities.
• Review vulnerabilities, security defects, and architectural risks with engineering teams; help prioritize remediation and improve secure defaults over time.
• Assess development tooling and workflows against DoD Enterprise DevSecOps reference designs and recommend improvements to strengthen trust boundaries, approvals, traceability, and software integrity.
• Support secure use and governance of AI-assisted development tools and workflows in accordance with approved guardrails and data protection requirements.
• Create reusable SDLC security guidance and developer training for use across projects.
• Collaborate with compliance and cybersecurity stakeholders to validate control implementation approaches and improve the overall security posture of the development environment.

Required Qualifications:

Education:

Bachelor's degree in Cybersecurity, Computer Science, Computer Engineering, or related field.

Clearance Requirements:

Active DoD Secret clearance required, with the ability to obtain and maintain a Top Secret clearance.

Experience :

• 5 years of professional experience in software security, application security, product security, cybersecurity engineering, or security-focused software engineering roles.
• Strong understanding of secure SDLC practices and how security activities fit across planning, design, development, testing, release, deployment, and operations.
• Experience applying security and compliance frameworks such as NIST SP 800-171 and the SSDF (NIST SP 800-218) to software development environments or software delivery processes.
• Understanding of DoD Enterprise DevSecOps fundamentals and reference designs, and how security controls, testing, evidence, and approvals fit within software factories and CI/CD-enabled SDLC workflows.
• Experience conducting threat modeling, security design reviews, architecture reviews, or technical risk assessments for software systems.
• Working knowledge of common software security testing and review methods such as SAST, SCA, DAST, secrets detection, container scanning, or IaC scanning, and the ability to help teams use findings effectively.
• Experience collaborating with software, platform, cloud, and cybersecurity teams to implement secure defaults, remediate findings, and strengthen development practices.
• Demonstrated ability to communicate security risks, requirements, and tradeoffs to both technical and non-technical stakeholders.

Preferred Qualifications:

• Experience with Git-based development workflows and CI/CD platforms such as GitLab, including how security checks, approvals, and evidence can be integrated into delivery workflows.
• Familiarity with cloud and container security concepts in Azure Government, Kubernetes, Infrastructure as Code, or similar environments used by modern software platforms.
• Experience with RMF, CMMC, OSCAL, evidence generation, or scripting/automation used to support security validation, reporting, and continuous compliance activities.

The pay range for this position in Colorado is $95,000/year to $190,000/year; however, base pay offered may vary depending on established government contract ranges, job-related knowledge, skills, and experience, and other factors. MTSI also offers a full range of medical, financial, and other benefits, dependent on the position offered. Base pay information is based on market location. Applications will be accepted on an ongoing basis. This posting will be renewed periodically until the position is filled.

#LI-AT1