Software Security Engineer

Описание вакансии

This is a U.S. based position. All of the programs we support require U.S. citizenship to be eligible for employment. All work must be conducted within the continental U.S.

Who we are:

Raft (https://TeamRaft.com) is a customer-obsessed non-traditional defense tech company dedicated to empowering U.S. military and government agencies with cutting-edge AI/ML and data solutions. We are a leader in autonomous data fusion and Agentic AI, with a purposeful focus on Distributed Data Systems, Platforms at Scale, and Complex Application Development. With headquarters in McLean, VA, our range of clients includes innovative federal and public agencies leveraging design thinking, cutting-edge tech stack, and cloud-native ecosystem. We build digital solutions that impact the lives of millions of Americans.

About the role:

Raft is seeking a Software Security Engineer to join our team! In this role, you will be the technical authority for software security across the program, ensuring that all systems meet the rigorous security standards required for DoD personnel vetting and adjudication platforms. You will embed security practices into every phase of the software development lifecycle and serve as a trusted advisor to program leadership and Government stakeholders.

What you'll do:

• Lead the design, implementation, and continuous improvement of software security practices across the SDLC, from requirements through deployment and operations
• Conduct threat modeling, security architecture reviews, and code security assessments to identify and remediate vulnerabilities before they reach production
• Oversee static analysis (SAST), dynamic analysis (DAST), and software composition analysis (SCA) tooling integration within CI/CD pipelines
• Support the RMF Authorization to Operate (ATO) process, including development of SSPs, POA&Ms, and security control documentation
• Serve as the primary liaison with the Government's Information System Security Manager (ISSM) and Authorizing Official (AO) on all security matters
• Lead penetration testing planning, remediation tracking, and security incident response activities
• Mentor development and DevSecOps teams on secure coding standards, vulnerability management, and security-by-design principles

What we are looking for:

• CISSP certification required
• 10+ years of experience in software security, including application security, vulnerability management, and secure SDLC practices
• Strong knowledge of NIST SP 800-53, RMF, and DoD security frameworks applicable to IL4/IL5 systems
• Hands-on experience with SAST/DAST tools (e.g., Fortify, Checkmarx, Veracode, OWASP ZAP) and interpreting results for development teams
• Must possess certifications IAW DoD Directive 8140.01 (Cyberspace Workforce Management) and DoD 8570.01-M (Information Assurance Workforce Improvement Program)
• Active Top Secret clearance with SCI eligibility

Highly preferred:

• Additional certifications such as CSSLP, CEH, GPEN, or equivalent offensive/defensive security credentials
• Experience supporting ATO processes for DoD enterprise systems
• Familiarity with Zero Trust Architecture, DevSecOps pipelines, and container security (Kubernetes, Docker)
• Experience with DoD identity management, PKI, and access control systems

 Clearance Requirements:

• Active Top Secret security clearance with SCI eligibility

Work Type:

• Hybrid; minimum 2 days a week required on-site presence
• Key Personnel must be available to begin work no later than 30 days after contract award

What we will offer you:

• Highly competitive salary
• Fully covered healthcare, dental, and vision coverage
• 401(k) and company match
• Take as you need PTO + 11 paid holidays
• Education & training benefits
• Generous Referral Bonuses
• And More!

Our Vision Statement:

We bridge the gap between humans and data through radical transparency and our obsession with the mission. 

Our Customer Obsession: 

We will approach every deliverable like it's a product. We will adopt a customer-obsessed mentality. As we grow, and our footprint becomes larger, teams and employees will treat each other not only as teammates but customers. We must live the customer-obsessed mindset, always. This will help us scale and it will translate to the interactions that our Rafters have with their clients and other product teams that they integrate with. Our culture will enable our success and set us apart from other companies.

How do we get there? 

Public-sector modernization is critical for us to live in a better world. We, at Raft, want to innovate and solve complex problems. And, if we are successful, our generation and the ones that follow us will live in a delightful, efficient, and accessible world where out-of-box thinking, and collaboration is a norm. 

Raft’s core philosophy is Ubuntu: I Am, Because We are. We support our “nadi” by elevating the other Rafters. We work as a hyper collaborative team where each team member brings a unique perspective, adding value that did not exist before. People make Raft special. We celebrate each other and our cognitive and cultural diversity. We are devoted to our practice of innovation and collaboration. 

We’re an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.