Posted today
Secret
Early Career (2+ yrs experience)
$80,000 - $98,000
IT - Security
Newport News, VA (On-Site/Office)
Software Security Engineer (Java)
Mid: $80,000 – $98,000
Senior: $100,000 – $169,000
Newport News, VA | Active Secret Clearance Required | On-Site
Role Overview
Safeguard mission-critical defense systems by securing Java-based software operating in classified environments. As a Software Security Engineer (Java), you will work hands-on with Java source code, performing static code analysis, identifying security vulnerabilities, and supporting remediation efforts across the secure software development lifecycle.
This role is engineering-focused, not policy-only. You will collaborate directly with software developers, systems engineers, ISSOs, and network teams to strengthen the security posture of actively deployed and sustained Java applications supporting national defense missions.
What You’ll Do
Perform static security analysis of Java source code, identifying vulnerabilities and security weaknesses and clearly explaining findings to development teams.
Use Fortify and Software Security Center (SSC) hands-on to execute scans, analyze results, validate findings, and support vulnerability remediation.
Support secure software design by applying defense-in-depth principles across Java-based systems operating in classified environments.
Provide technical input to RMF activities, including vulnerability evidence, control implementation details, and remediation tracking (not policy ownership).
Conduct vulnerability assessments and security reviews in alignment with DoD requirements.
Apply and validate Security Technical Implementation Guides (STIGs) and configuration controls across systems and applications.
Monitor systems using ACAS and other DoD-approved tools to identify security risks and compliance gaps.
Participate in incident response and forensic analysis efforts as needed.
Collaborate closely with:
Software developers on secure coding and remediation
Systems engineers on architecture and control implementation
ISSOs and network teams on compliance and operational security
Produce clear technical documentation and briefings for both technical and non-technical stakeholders.
Mentor junior engineers and contribute to continuous improvement of security practices.
Required Qualifications
U.S. Citizenship + Active Secret clearance
Proven experience performing static security analysis of Java code
Must be able to read, understand, and explain Java logic and vulnerabilities
Hands-on experience using Fortify and Software Security Center (SSC)
CompTIA Security+ (DoD 8570 IAT Level II compliant)
Ability to work on-site full time in Newport News, VA (80–90% of work performed in a secure lab)
2+ years with a Bachelor’s degree in Computer Science, Information Security, or a related discipline
Strong understanding of cybersecurity engineering principles and secure software implementation
Working knowledge of:
Risk Management Framework (RMF) controls and documentation
ACAS scanning, configuration, and reporting
STIG implementation and compliance enforcement
Industry frameworks such as NIST, NIST 800-53, and ISO 27001
Strong analytical skills and the ability to clearly communicate technical findings
Preferred Qualifications
Master’s degree in Cybersecurity, Information Assurance, or related discipline
Advanced certifications (CISSP, CISM, CEH, OSCP)
Experience with additional languages such as C++ or Python in secure environments
Familiarity with cloud security, virtualized infrastructure, or zero-trust architectures
Experience supporting both active development and sustainment environments
Exposure to automated vulnerability scanning, SIEM tools, or advanced threat detection
Interest in emerging cybersecurity technologies within the defense sector
Mid vs Senior Expectations
Mid-Level: Strong Java and security fundamentals with hands-on Fortify experience; capable of contributing immediately with guidance on RMF processes.
Senior-Level: Deeper technical ownership, mentorship of junior staff, and greater influence on secure design decisions and remediation strategy.
Important Notes
This role is not a SOC analyst, ISSO, or cloud-only DevSecOps position.
Candidates must bring real Java security experience — not just tool exposure.
Classified, on-site work is a core requirement.
Who is Caribou Thunder?
Caribou Thunder is a HUBZone-certified small business providing advanced technical and engineering services to the U.S. Department of War and its mission partners.
35+ states and 20+ countries. We’ve delivered trusted solutions for over two decades — strengthening national readiness across missions on land, undersea, in the air, and throughout LEO, MEO, GEO, and deep space.
Why Caribou Thunder? TEAM THUNDER — Mission Focused. Delivery Proven. Ready to Serve.
Employee Advocacy
Mission Proven
Global Reach
Skilled Teams
Modern Tools
Empowering Culture
Our engineers and innovators ensure capability from sea floor to space frontier — delivering on time, maintaining compliance, and performing with precision in high-consequence environments.
We specialize in Engineering Services, Cybersecurity, Software Development, Modeling & Simulation, Digital Engineering, and Artificial Intelligence — disciplines powering the nation’s most complex technical missions.
Employee Advocacy + Benefits
Our people are the heart of Caribou Thunder. We invest in their growth, flexibility, and well-being — knowing their success drives ours.
Benefits include:
Premium Health, Dental & Vision Insurance
401(k) with 6% Company Match
Flexible PTO & Work Schedule
Education & Certification Reimbursement
Support for Military Leave
Work–Life Balance & Traditional Family Values
Your future, your flexibility, your well-being — we invest in you. Apply and let’s connect
Mid: $80,000 – $98,000
Senior: $100,000 – $169,000
Newport News, VA | Active Secret Clearance Required | On-Site
Role Overview
Safeguard mission-critical defense systems by securing Java-based software operating in classified environments. As a Software Security Engineer (Java), you will work hands-on with Java source code, performing static code analysis, identifying security vulnerabilities, and supporting remediation efforts across the secure software development lifecycle.
This role is engineering-focused, not policy-only. You will collaborate directly with software developers, systems engineers, ISSOs, and network teams to strengthen the security posture of actively deployed and sustained Java applications supporting national defense missions.
What You’ll Do
Perform static security analysis of Java source code, identifying vulnerabilities and security weaknesses and clearly explaining findings to development teams.
Use Fortify and Software Security Center (SSC) hands-on to execute scans, analyze results, validate findings, and support vulnerability remediation.
Support secure software design by applying defense-in-depth principles across Java-based systems operating in classified environments.
Provide technical input to RMF activities, including vulnerability evidence, control implementation details, and remediation tracking (not policy ownership).
Conduct vulnerability assessments and security reviews in alignment with DoD requirements.
Apply and validate Security Technical Implementation Guides (STIGs) and configuration controls across systems and applications.
Monitor systems using ACAS and other DoD-approved tools to identify security risks and compliance gaps.
Participate in incident response and forensic analysis efforts as needed.
Collaborate closely with:
Software developers on secure coding and remediation
Systems engineers on architecture and control implementation
ISSOs and network teams on compliance and operational security
Produce clear technical documentation and briefings for both technical and non-technical stakeholders.
Mentor junior engineers and contribute to continuous improvement of security practices.
Required Qualifications
U.S. Citizenship + Active Secret clearance
Proven experience performing static security analysis of Java code
Must be able to read, understand, and explain Java logic and vulnerabilities
Hands-on experience using Fortify and Software Security Center (SSC)
CompTIA Security+ (DoD 8570 IAT Level II compliant)
Ability to work on-site full time in Newport News, VA (80–90% of work performed in a secure lab)
2+ years with a Bachelor’s degree in Computer Science, Information Security, or a related discipline
Strong understanding of cybersecurity engineering principles and secure software implementation
Working knowledge of:
Risk Management Framework (RMF) controls and documentation
ACAS scanning, configuration, and reporting
STIG implementation and compliance enforcement
Industry frameworks such as NIST, NIST 800-53, and ISO 27001
Strong analytical skills and the ability to clearly communicate technical findings
Preferred Qualifications
Master’s degree in Cybersecurity, Information Assurance, or related discipline
Advanced certifications (CISSP, CISM, CEH, OSCP)
Experience with additional languages such as C++ or Python in secure environments
Familiarity with cloud security, virtualized infrastructure, or zero-trust architectures
Experience supporting both active development and sustainment environments
Exposure to automated vulnerability scanning, SIEM tools, or advanced threat detection
Interest in emerging cybersecurity technologies within the defense sector
Mid vs Senior Expectations
Mid-Level: Strong Java and security fundamentals with hands-on Fortify experience; capable of contributing immediately with guidance on RMF processes.
Senior-Level: Deeper technical ownership, mentorship of junior staff, and greater influence on secure design decisions and remediation strategy.
Important Notes
This role is not a SOC analyst, ISSO, or cloud-only DevSecOps position.
Candidates must bring real Java security experience — not just tool exposure.
Classified, on-site work is a core requirement.
Who is Caribou Thunder?
Caribou Thunder is a HUBZone-certified small business providing advanced technical and engineering services to the U.S. Department of War and its mission partners.
35+ states and 20+ countries. We’ve delivered trusted solutions for over two decades — strengthening national readiness across missions on land, undersea, in the air, and throughout LEO, MEO, GEO, and deep space.
Why Caribou Thunder? TEAM THUNDER — Mission Focused. Delivery Proven. Ready to Serve.
Employee Advocacy
Mission Proven
Global Reach
Skilled Teams
Modern Tools
Empowering Culture
Our engineers and innovators ensure capability from sea floor to space frontier — delivering on time, maintaining compliance, and performing with precision in high-consequence environments.
We specialize in Engineering Services, Cybersecurity, Software Development, Modeling & Simulation, Digital Engineering, and Artificial Intelligence — disciplines powering the nation’s most complex technical missions.
Employee Advocacy + Benefits
Our people are the heart of Caribou Thunder. We invest in their growth, flexibility, and well-being — knowing their success drives ours.
Benefits include:
Premium Health, Dental & Vision Insurance
401(k) with 6% Company Match
Flexible PTO & Work Schedule
Education & Certification Reimbursement
Support for Military Leave
Work–Life Balance & Traditional Family Values
Your future, your flexibility, your well-being — we invest in you. Apply and let’s connect
group id: 10496462
