Responsibilities
- Conduct security evaluations and threat modeling for software modules, internal utilities, APIs, data processing systems, AI-integrated features, and cloud-connected services.
- Work closely with development teams to detect and resolve risks related to authentication, authorization, tenant separation, input validation, secret management, encryption, logging, and data access controls.
- Evaluate application architectures and code modifications for potential security flaws prior to deployment.
- Develop standardized security patterns for web applications, APIs, mobile processes, internal platforms, and data-intensive systems.
- Support the implementation of secure-by-design principles in applications used in regulated, high-impact environments.
- Enhance DevSecOps practices across a GitHub-based development lifecycle, including code analysis, dependency checks, secret detection, branch protection, CI/CD security, and secure development workflows.
- Collaborate with teams to build secure pathways using templates, checklists, automation, documentation, and streamlined review methods that enable faster, confident delivery.
- Assess and prioritize security findings from static analysis, software composition analysis, secret scans, penetration tests, code reviews, and internal audits.
- Create practical vulnerability management processes, remediation strategies, and engineering-focused metrics.
- Support secure coding initiatives through design consultations, office hours, documentation, and direct collaboration with developers.
- Partner with cloud and platform teams to secure AWS workloads, infrastructure-as-code, service integrations, data pipelines, and deployment procedures.
- Evaluate security for integrations involving Palantir Foundry, third-party APIs, internal data platforms, and AI-assisted development workflows.
- Help protect sensitive data as it moves across application, platform, and operational environments.
- Work with infrastructure and development teams to ensure application events, audit logs, and security telemetry are collected to support incident investigation and response.
- Navigate cybersecurity requirements in a regulated nuclear energy context, including compliance with relevant frameworks and critical infrastructure standards.
- Act as a trusted security advisor to software developers, product managers, data engineers, infrastructure teams, and business stakeholders.
- Communicate security risks clearly and practically, balancing security needs with delivery speed, product usability, and operational efficiency.
- Contribute to the evolution of application and product security strategy as the organization scales from early systems to fleet-wide operations.
- Help cultivate a culture of accountability, speed, and technical excellence across engineering and cybersecurity teams.
Benefits
- Competitive pay and total compensation packages
- 401k retirement plan with employer matching contributions
- Comprehensive medical, dental, and vision insurance options
- Generous paid time off and company holidays
Compensation
Competitive compensation packages
Work Arrangement
Not specified
Team
Not specified
Other
- Compliance with export controls under U.S. law may limit consideration of certain applicants.
- Equal opportunity employer: no discrimination based on race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, veteran status, or other protected characteristic.
- Recruiting fraud alert: official communication only via @thenuclearcompany.com; no payments or sensitive financial information requested during recruitment.
Not specified