Software Security Engineer (Java)

Software Security Engineer (Java)

Safeguard mission-critical defense systems by securing Java-based software operating in classified environments. As a Software Security Engineer (Java), you will work hands-on with Java source code, performing static code analysis, identifying security vulnerabilities, and supporting remediation efforts across the secure software development lifecycle. This role is engineering-focused, not policy-only. You will collaborate directly with software developers, systems engineers, ISSOs, and network teams to strengthen the security posture of actively deployed and sustained Java applications supporting national defense missions.

What You'll Do :

• Perform static security analysis of Java source code, identifying vulnerabilities and security weaknesses and clearly explaining findings to development teams.
• Use Fortify and Software Security Center (SSC) hands-on to execute scans, analyze results, validate findings, and support vulnerability remediation.
• Support secure software design by applying defense-in-depth principles across Java-based systems operating in classified environments.
• Provide technical input to RMF activities, including vulnerability evidence, control implementation details, and remediation tracking (not policy ownership).
• Conduct vulnerability assessments and security reviews in alignment with DoD requirements.
• Apply and validate Security Technical Implementation Guides (STIGs) and configuration controls across systems and applications.
• Monitor systems using ACAS and other DoD-approved tools to identify security risks and compliance gaps.
• Participate in incident response and forensic analysis efforts as needed.
• Collaborate closely with : software developers on secure coding and remediation, systems engineers on architecture and control implementation, ISSOs and network teams on compliance and operational security.
• Produce clear technical documentation and briefings for both technical and non-technical stakeholders.
• Mentor junior engineers and contribute to continuous improvement of security practices.

Required Qualifications :

Preferred Qualifications :

Mid vs Senior Expectations :

Important Notes :

Who is Caribou Thunder?

Caribou Thunder is a HUBZone-certified small business providing advanced technical and engineering services to the U.S. Department of War and its mission partners. 35+ states and 20+ countries. We've delivered trusted solutions for over two decades strengthening national readiness across missions on land, undersea, in the air, and throughout LEO, MEO, GEO, and deep space.

Why Caribou Thunder?

TEAM THUNDER Mission Focused. Delivery Proven. Ready to Serve.

Employee Advocacy

Mission Proven

Global Reach

Skilled Teams

Modern Tools

Empowering Culture

Our engineers and innovators ensure capability from sea floor to space frontier delivering on time, maintaining compliance, and performing with precision in high-consequence environments. We specialize in Engineering Services, Cybersecurity, Software Development, Modeling & Simulation, Digital Engineering, and Artificial Intelligence disciplines powering the nation's most complex technical missions.

Employee Advocacy + Benefits

Our people are the heart of Caribou Thunder. We invest in their growth, flexibility, and well-being knowing their success drives ours. Benefits include :

Your future, your flexibility, your well-being we invest in you.