Senior Security Developer (Full Stack)

Job Description

Description:

C. Mack Solutions is looking for a senior software developer/architect with a passion for government technology solutions to lead the implementation of security solutions across all layers of our infrastructure, though primarily in the application layer, and in the interactions between systems. The ideal candidate will relish the opportunity to tackle hard problems and find solutions within the environmental constraints that exist. They will also be able to serve as a technical lead, working independently and in coordination with other team members to communicate complex technical concepts and guide cross-functional teams through the development lifecycle. This is a great opportunity to work on mission-critical systems that bring clear value to our customers and end users on a daily basis.

What You'll Be Doing:

Engineer and deploy comprehensive security measures throughout the software lifecycle, from development to production, ensuring adherence to secure coding standards and safeguarding data

Establish and maintain security architecture and policies specifically designed for AWS-based microservices environments

Scale security solutions across diverse development teams and applications with varying architectural designs

Analyze code scan outputs from tools like Anchore, WebInspect, and DBProtect, and collaborate with compliance teams to fine-tune and enhance scanning effectiveness

Champion early-stage security integration by building and embedding tools that enforce security checkpoints within CI/CD workflows

Integrate security checks into source control and pipelines to deliver prompt feedback and uncover insecure coding patterns early in the development process

Perform vulnerability scans and penetration tests to detect and address security weaknesses proactively

Apply ethical hacking techniques to uncover and remediate security flaws in both applications and infrastructure

Promote secure development practices in Java, Python, and Angular by offering internal training and hands-on support for secure coding, deployment, and operations

Deploy real-time security monitoring and alerting systems to swiftly identify and respond to potential threatsRequirements:

U.S. Citizenship is required. Candidate must be able to obtain CBP Public Trust clearance.

Bachelor’s degree and over 10 years of hands-on experience in software development using Java, Python, and Angular

Recent experience building applications in Java with Spring Boot framework

Proven expertise in implementing security protocols such as TLS/SSL, IPsec, OAuth, OpenID Connect, SAML, HTTPS, and encryption/key management

Solid grasp of Zero Trust security concepts and practical approaches to implementation

Extensive experience working with AWS services and security tools, including IAM, VPC, CloudTrail, and AWS Security features

Strong background in microservices and container technologies, including Docker and Kubernetes

Track record of integrating security checks and controls into CI/CD pipelines

Knowledgeable in network security, database systems, and hardware-level protections

Exceptional analytical and troubleshooting abilities, with a keen eye for detail

Effective communicator able to explain complex security topics to both technical and non-technical audiences

Experienced in leading projects and mentoring team members to support growth and collaboration

Collaborative mindset with the ability to work closely with developers, ISSOs, security engineers, architects, and other stakeholders involved in solution delivery

Preferred Skills and Experience:

Skilled in using ethical hacking tools and techniques to identify and address security vulnerabilities

Holds relevant certifications such as Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), or AWS Certified Security – Specialty

Experienced in contributing to large-scale initiatives involving multiple development and operations teams

Familiar with working on federal government projects, including navigating compliance and regulatory requirements

Full-time