nexus IT group
Senior Software Engineer, Product 1225
nexus IT group, Boulder, Colorado, United States, 80301
We’re looking for an engineer who can design and implement security‑focused software to help embed security earlier in our development lifecycle. This role centers on building automated controls into CI/CD workflows—such as SBOM generation, vulnerability scanning, and other security checks—while also maintaining and improving shared internal libraries and infrastructure related to authentication, authorization, and logging. You’ll also support monitoring and operational security tooling, and help guide teams on aligning their systems with NIST 800‑171/CMMC‑style requirements.
You’ll work closely with senior security leadership, platform/infrastructure teams, development tooling groups, and compliance partners. The environment is lean and outcome‑oriented, with a focus on secure code and architecture rather than heavy process. You may occasionally participate in external or government‑related security conversations under the guidance of senior engineers.
Expect the work to be about 80–90% hands‑on engineering, with the remainder focused on collaboration, reviews, and ongoing learning.
Key Responsibilities
Embed Security in the SDLC:
Help integrate automated security checks into CI/CD pipelines (e.g., SAST/DAST/SCA scans, SBOM tooling, vulnerability scanning via GitHub Actions or ArgoCD).
Maintain Shared Security Components:
Contribute to the upkeep and evolution of common libraries and infrastructure for authentication, authorization, logging, and other runtime security elements.
Support Compliance Initiatives:
Assist in implementing technical controls—such as encryption, secure configuration, and monitoring—to meet CMMC Level 2‑equivalent requirements across access control, identity, system protection, and security monitoring categories.
Participate in Reviews & Modeling:
Join architecture reviews, code audits, and threat modeling sessions to surface and resolve issues like API weaknesses or supply‑chain risks.
Collaborate Across Teams:
Participate in code reviews, pair programming, and tooling development, supporting secure engineering practices across the organization.
Required Qualifications
Experience:
5+ years in software or security engineering, with 3+ years dedicated to security‑focused work. Background in securing cloud environments (preferably AWS), strengthening CI/CD pipelines, and supporting compliance frameworks (NIST, CMMC, FedRAMP, etc.).
Technical Skills:
Experience with container and orchestration security (Docker/Kubernetes), common security tools (e.g., Trivy, Snyk, Falco, OPA), and languages commonly used for security tooling (Python, Rust). Strong understanding of contemporary attack vectors and defense techniques.
Security Knowledge:
Familiarity with threat classes (e.g., injection, lateral movement), control frameworks (e.g., NIST 800‑53), DevSecOps practices, SBOM usage, zero‑trust concepts, and SIEM‑backed logging pipelines.
Collaboration Skills:
Ability to partner effectively with engineering, infrastructure, and compliance teams, and contribute thoughtfully to internal and external security discussions.
Preferred Qualifications
Exposure to AWS‑native security services (e.g., GuardDuty, Security Hub, Config) and infrastructure‑as‑code tools like Terraform
Experience with security for embedded or specialized hardware/software systems
Contributions to open‑source security initiatives
Relevant certifications (CSSLP, OSCP, GIAC or similar) backed by practical experience
Comfort working in small, fast‑moving engineering teams and taking guidance from senior security mentors
Bonus Experience
Work in regulated, high‑assurance environments (e.g., aerospace, defense)
Eligibility or experience with handling sensitive or restricted data