Job Title: Security Software Engineer
Company Name: Eccalon
Job Url: https://recruiting.myapps.paychex.com/appone/MainInfoReq.asp?R_ID=7075337&B_ID=91&fid=1&SearchScreenID=23884&ssbgcolor=#FFFFFF

Job Description: Security Software Engineer

EOE STATEMENT
Eccalon provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training. EEO is the law.

CATEGORY
Software Engineer

DESCRIPTION
Job Description
We are seeking a Security Software Engineer to build and harden software systems supporting DoD programs operating under CMMC/NIST 800-171/FedRAMP compliance requirements. You will embed security across the SDLC—from design and code review through CI/CD and cloud deployment—working alongside engineering, DevSecOps, and IT teams in a regulated, cloud-native environment (AWS Commercial and GovCloud, Azure GCC High).

Responsibilities

Core Engineering & Secure Development
- Design and develop secure software with a security-first mindset baked into every phase of the SDLC.
- Apply secure coding standards, threat modeling, and vulnerability mitigation aligned to NIST 800-53 and CMMC Level 2/3 controls.
- Conduct architecture reviews and code hardening to address the OWASP Top 10 and DoD STIGs.
- Automate security gates in CI/CD pipelines (SAST, DAST, dependency scanning, secrets detection).

Security Architecture & Controls
- Design secure system and API architectures for multi-tenant cloud environments, including GCC High and FedRAMP-authorized platforms.
- Implement IAM controls, JIT provisioning, SSO/SAML/OIDC flows, and least-privilege authorization frameworks (e.g., Cognito, Azure AD).
- Instrument applications with security logging and monitoring that satisfies audit and continuous monitoring requirements (AU/SI control families).

Vulnerability Management & Response
- Lead code reviews, SAST/DAST scans, and targeted penetration testing; document findings against control frameworks.
- Triage and remediate vulnerabilities within POA&M timelines; maintain artifact evidence for compliance assessments.
- Support incident response for application-layer events; contribute to after-action reports and corrective action plans.

Cross-functional Collaboration
- Serve as the embedded security champion for engineering squads, raising the security bar through mentorship and a code review culture.
- Develop and deliver security training and runbooks tailored to engineering and DevOps team members.
- Collaborate with DevOps/SRE to enforce secure IaC, WAF rules, network controls, and runtime monitoring across AWS and Azure environments.

Required Qualifications
- Bachelor’s degree in Computer Science, Engineering, or a related field—or equivalent experience.
- 3+ years of software engineering experience with a strong focus on security.
- Proficiency in one or more programming languages (e.g., JavaScript/TypeScript, Python, Go, C#).
- Experience with secure coding practices and frameworks.
- Strong understanding of application security principles, including:
  - OWASP Top 10
  - Secure API/REST design
  - Cryptography fundamentals
  - Authentication/authorization patterns
- Experience with code scanning tools (SAST/DAST), threat modeling, and penetration testing.
- Familiarity with NIST 800-171, CMMC, or FedRAMP security control requirements and evidence collection.
- Hands-on experience with AWS and/or Azure security services (IAM, WAF, Security Hub, Defender, Sentinel); GCC High or GovCloud experience a plus.
Preferred Qualifications
- Experience with container security (Docker, ECS).
- Working knowledge of Zero Trust Architecture principles.
- Experience building DevSecOps pipelines in regulated environments; familiarity with tools like Prisma, Checkov, Snyk, or Aqua.
- Relevant certifications (any of the following):
  - CISSP, CSSLP, or CASP+
  - OSCP
  - CEH
  - GIAC (GWAPT, GSEC, GWEB)
  - CCP/CCA (UK Cyber Essentials equivalent)
- Experience securing microservices or event-driven architectures on ECS; background in federal or cleared environments preferred.

FULL-TIME/PART-TIME
Full-Time

EXEMPT/NON-EXEMPT
Exempt

ABOUT THE ORGANIZATION
Eccalon provides global solutions to the most challenging technological issues of the 21st century, and our evolving portfolio spans five major markets: Machine Learning, Cybersecurity, Aerospace & Defense, Material Sciences, Advanced Manufacturing, Sports Science, Biotechnology, and Health & Life Sciences.

Why Join Us?
Eccalon's executives foster a supportive work environment that allows our teams to thrive, and have a fierce dedication to innovation, security, and people. Our culture is built on inclusion, teamwork, and trust, and we are committed to offering career advancement opportunities to all employees. Encouraging a healthy and balanced life, we offer an extensive benefits package to support the wellness of our employees and their families. You will be joining a team of innovators, working with cutting-edge technologies, supporting mission-critical projects, and making an impact. Apply today to advance your career!