Application Security Engineer

Please review the job details below.
Maxar Space is seeking an Application Security Engineer to join our Cyber Engineering group in Palo Alto CA. This position may also be performed remotely within the U.S. The Application Security Engineer is a critical technical leader responsible for embedding security into every phase of the software development lifecycle (SDLC). This role designs, implements, and maintains automated security scanning tools (SAST/SCA) within CI/CD pipelines to proactively identify vulnerabilities. By analyzing scan results, prioritizing risks, and delivering actionable remediation guidance, the engineer ensures software teams can resolve issues efficiently. Beyond tooling, this individual serves as a security champion, partnering directly with developers to advocate for secure coding practices, conduct threat modeling, and integrate security requirements into Agile workflows. The ideal candidate balances technical expertise in application security frameworks with strong communication skills to drive a culture of security-first development across the organization
Responsibilities:
Tool Implementation & CI/CD Integration

• Design, configure, and deploy SAST (e.g., Checkmarx, SonarQube) and SCA (e.g., Snyk, Dependency-Track) tools.
• Automate security scans within CI/CD pipelines (Jenkins, GitLab CI) to enable DevSecOps workflows.
• Customize security tooling to reduce false positives and align with application architectures.

Security Analysis & Reporting

• Review scan results, prioritize vulnerabilities using risk assessment frameworks (CVSS), and generate actionable reports.
• Provide remediation guidance to developers, including secure coding practices and mitigation strategies.
• Conduct threat modeling and security reviews during SDLC phases.

Secure Development Advocacy

• Act as a champion for secure development practices, promoting security-first thinking across engineering teams.
• Work directly with software teams to integrate security into design, code reviews, and testing phases.
• Lead workshops on secure coding standards (e.g., OWASP ASVS) and threat modeling methodologies.

Collaboration & Process Improvement

• Partner with DevOps and development teams to enforce security standards in code and infrastructure.
• Serve as a security liaison, embedding secure practices into Agile workflows and advocating for security requirements in sprint planning.
• Develop documentation for security controls, policies, and incident response procedures.
• Lead security training sessions for engineering teams on SAST/SCA findings and secure coding.

System Maintenance

• Maintain security tools, ensuring updates and integrations align with organizational needs.
• Monitor emerging threats and adapt scanning rules/processes to address new risks.

Minimum Requirements:

• Must be a U.S. citizen
• Bachelor's degree in Cybersecurity, Computer Science, or related field.
• 8 years of experience, including hands-on experience in application security, including SAST/SCA tool deployment and integrating security tools into CI/CD pipelines (e.g., Jenkins, GitHub Actions).

Preferred Skills/Qualifications and Certifications:

• Tool Proficiency:
  • SAST tools (Checkmarx, Fortify, CodeQL).
  • SCA tools (Snyk, Black Duck, OWASP Dependency-Check).
  • CI/CD platforms (Jenkins, GitLab CI, Azure DevOps).
• Development Knowledge:
  • Secure coding practices for languages like Java, Python, or .NET.
  • Web application architectures (microservices, APIs, cloud-native systems).
• Security Frameworks:
  • OWASP Top 10, NIST SP 800-115, and ISO 27001.

Preferred Certifications

• CASE (Certified Application Security Engineer) - EC-Council.
• CSSLP (Certified Secure Software Lifecycle Professional).
• OSCP or CEH (for penetration testing familiarity).

Soft Skills

• Communication: Ability to translate technical risks for non-technical stakeholders.
• Collaboration: Experience working in Agile/Scrum environments with cross-functional teams.
• Leadership: Proven ability to influence developers and drive security culture shifts.
• Mentorship: Experience coaching teams on remediation strategies and secure coding techniques.

Additional Preferences

• Familiarity with container security (Docker, Kubernetes) and cloud platforms (AWS, Azure).
• Experience with automated remediation of common vulnerabilities in CI/CD pipelines.

In support of pay transparency at Maxar, we disclose salary ranges on all U.S. job postings. The successful candidate's starting pay will fall within the salary range provided below and is determined based on job-related factors, including, but not limited to, the experience, qualifications, knowledge, skills, geographic work location, and market conditions. Candidates with the minimum necessary experience, qualifications, knowledge, and skillsets for the position should not expect to receive the upper end of the pay range.
• The base pay for this position within Colorado is: $119,000.00 - $199,000.00 annually.
• The base pay for this position within the Washington, DC metropolitan area is: $131,000.00 - $219,000.00 annually.
• The base pay for this position within California is: $137,000.00 - $229,000.00 annually.
For all other states, we use geographic cost of labor as an input to develop market-driven ranges for our roles, and as such, each location where we hire may have a different range.
We offer a comprehensive package of benefits including paid time off, health and welfare insurance, and 401(k) to eligible employees. You can find more information on our benefits at: https://www.maxar.com/careers/benefits
Additionally, this position is incentive eligible with a target based on contribution, company performance, and/or individual results achieved; the specific incentive plan and target amount will be determined based on the role and breadth of contributions.
The application window is three days from the date the job is posted and will remain posted until a qualified candidate has been identified for hire. If the job is reposted regardless of reason, it will remain posted three days from the date the job is reposted and will remain reposted until a qualified candidate has been identified for hire.
The date of posting can be found on Maxar's Career page at the top of each job posting.
To apply, submit your application via Maxar's Career page.
Maxar Technologies values diversity in the workplace and is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected veteran status, age, or any other characteristic protected by law.