AppSec Jobs

SciTec

Staff/Sr. Staff Application Security Engineer

Onsite
Princeton, NJ
Posted 4 days ago
$96,000 - $146,000 / year
Apply on LinkedIn →

At a Glance

2+ years experience; Python, JavaScript/TypeScript, Rust, Threat Modeling, DevSecOps

About This Role

SciTec, a wholly owned subsidiary of Firefly Aerospace, is a dynamic non-traditional defense contractor that delivers advanced technologies in support of U.S. National Security and Defense. For the past forty-five plus years, we have supported Department of Defense customers by developing innovative remote sensing algorithms, tools, and techniques to deliver world-class data exploitation capabilities supporting missile defense; intelligence, surveillance, & reconnaissance; space domain awareness; and aircraft survivability missions.

SciTec has an immediate opportunity for a talented engineer to support our programs delivering Next-Generation Missile Warning software. This is a unique opportunity to join a business delivering core capabilities for National defense. You will work within a fast-paced team delivering end-to-end software processing of Overhead Persistent InfraRed (OPIR) sensor data for Missile Warning, Missile Defense, Battlespace Awareness, and Technical Intelligence.

We are seeking an Application Security Engineer to help secure mission-critical software systems by identifying, analyzing, and mitigating application-level vulnerabilities. This role focuses on hands-on security analysis, tooling integration, and working directly with software engineers to embed security into the development lifecycle. The ideal candidate combines strong technical security skills with the ability to collaborate effectively with developers in a DevSecOps environment.

Responsibilities

  • Perform application security analysis using both automated and manual techniques, including static code analysis (SAST), software composition analysis (SCA), fuzzing, and manual code and design reviews
  • Identify, analyze, and help remediate application vulnerabilities
  • Support software engineers in integrating security considerations into system and application designs
  • Integrate and maintain application security tooling within CI/CD and DevSecOps pipelines
  • Design, implement, and improve continuous integration security analysis tooling
  • Tune and maintain security tools to reduce false positives and improve signal quality
  • Assist development teams in understanding findings and implementing effective fixes
  • Support threat modeling and secure design reviews
  • Stay current with emerging vulnerabilities, attack techniques, and mitigation strategies
  • Document findings, recommendations, and best practices
  • Perform other duties as assigned

Requirements

Python, JavaScript, SonarQube, Snyk, DevSecOps
  • Bachelor's degree plus 2+ years of professional experience in cybersecurity or software development, or equivalent experience
  • 2+ years of experience focused on application/software security
  • Experience analyzing source code for security flaws
  • Familiarity with secure software development practices
  • Strong analytical, problem-solving, and communication skills
  • Detail-oriented with strong written and verbal communication abilities
  • Ability to qualify for and maintain a DoD or DoE Secret security clearance
  • Ability to meet DoD 8140.01 Cyberspace Workforce Management requirements within six months of hire
  • Good verbal and written communication skills
  • Attention to detail
  • Active DoD Secret clearance or higher (preferred)
  • Experience identifying, exploiting, and remediating application vulnerabilities with credit for published CVEs (preferred)
  • Proficiency in one or more programming languages such as C++, Python, JavaScript, Rust (preferred)
  • Experience configuring and operating static analysis tools (e.g., Coverity, Klocwork, SonarQube) (preferred)
  • Experience configuring and operating software composition analysis tools (e.g., Snyk, Sonatype, Anchore, JFrog Xray) (preferred)
  • Experience with fuzzing frameworks (AFL, AFL++, honggfuzz, or similar) (preferred)
  • Experience with debugging, runtime instrumentation, or reverse engineering, including tools such as strace, eBPF, Ghidra or IDA Pro (preferred)
  • Familiarity with threat modeling methodologies and frameworks such as MITRE ATT&CK (preferred)
  • Experience working in DevSecOps or Agile development environments (preferred)

Benefits & Perks

4% Safe Harbor 401(k) match
100% company paid HSA Medical insurance, with a choice of 2 buy-up options
80% company paid Dental insurance
100% company paid Vision insurance
100% company paid Life insurance
100% company paid Long-term Disability insurance
100% company paid Hospital Indemnity insurance
Voluntary Accident and Critical Illness insurance
Short-term Disability insurance
Annual Profit-Sharing Plan
Discretionary Performance Bonus
Paid Parental Leave
Generous Paid Time Off, including Holiday, Vacation, and Sick Pay
Flexible Work Hours

About SciTec

SciTec, Inc. is a defense technology company based in Princeton, New Jersey, founded in 1979. The company specializes in research and development for remote sensing applications, missile defense, and national security solutions. With approximately 243 employees and $28.7 million in revenue, SciTec operates additional offices in Huntsville, AL; Dayton, OH; Boulder, CO; Herndon, VA; and El Segundo, CA, to enhance customer proximity. The company employs the SciTec Triad, which includes system modeling, rapid prototyping, and operational evolution, to create adaptive systems for emerging threats. SciTec focuses on physics-based observable models, custom scientific instrumentation, advanced tracking algorithms, and low-latency signal processing. Their integrated R&D services encompass model and algorithm development, field testing, and mission data processing applications, including a significant contract with the U.S. Space Force for missile warning missions. SciTec serves various U.S. military branches and government agencies, emphasizing national security missions.

Industry

defense & space

Employees

370

162 engineers

Revenue

$164M


Security at SciTec

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

  • SciTec frames its broader mission as defensive, stating "SciTec exists to defend the future." The approach is collaborative and integrated into the development cycle, focusing on hands-on security analysis, tooling integration, and working directly with software engineers.
  • The company emphasizes agility and rapid response, with employees working in small, agile teams where their individual work is visible.
  • A key priority is the optimization of security signals, specifically tuning and maintaining security tools to reduce false positives and improve signal quality.
  • However, no public-facing security blog or engineering manifesto exists to provide more detailed philosophy beyond recruitment language.

Security Team

  • The AppSec function operates within a DevSecOps model, emphasizing direct collaboration with software engineers.
  • Key public-facing leaders include Chad Moyer, Information Systems Security Manager, who manages cybersecurity operations for three sites and drafts policies for the IA department, and Jesse Boring, Information System Security Manager, who applies the NIST AI Risk Management Framework to enhance the security and reliability of AI systems. An estimated 5-10 people were identified in security/IA management roles; a specific AppSec headcount is not publicly distinguishable.
  • There is currently 1 active AppSec job posting (Application Security Engineer) with emphasis on SAST/SCA tuning, CI/CD integration, and fuzzing.
  • No designated 'Head of Application Security' was identified.
  • Roles are currently titled under Information Systems Security Management or general Software Engineering.

Key Initiatives

  • Security is integrated directly into the automated pipeline through CI/CD and DevSecOps integration.
  • The team performs both automated and manual application security analysis.
  • Proactive design reviews are conducted, including threat modeling and secure design reviews.
  • Recent initiatives focus on expanding automated analysis and pipeline integration.
  • No evidence of a Security Champions Program, bug bounty programs, or external penetration testing results was found.

