Commonwealth Fusion Systems is hiring a
Senior Application Security Engineer

Summary

Join a team of leaders in tough tech, fusion science, and manufacturing to implement a plan for deploying compact fusion power plants that can meet global decarbonization goals. As a Senior Application Security Engineer, you will be responsible for application and cloud infrastructure security at CFS.

Requirements

• Bachelor degree in Cybersecurity, Computer Science or equivalent experience
• Relevant certification in the Cybersecurity field (CISSP preferred)
• 5 years experience in a hands-on application security focused role
• Experience securing IaaS (AWS) and cloud-native applications in a DevOps environment, from development to production (e.g. SAST, APIs, DAST, IaC, WAF, CSPM, CWPP, BSIMM, SAMM)
• Demonstrated ability to apply fundamental cybersecurity and IT concepts to tasks and projects
• Ability to work in a fast-paced environment and prioritize tasks/projects
• DevSecOps/automation of security tasks
• Excellent analytical and problem solving skills, and attention to detail
• Evidence of personal focus on continuous learning

Responsibilities

• Partner with various software development teams to enhance our secure SDLC efforts
• Advance the security of our IaaS and codebase in a DevOps environment, from development to production (e.g. SAST, APIs, DAST, IaC, WAF, CSPM, CWPP)
• Assist with vulnerability management and threat intelligence, tracking and mitigating threats as necessary
• Seek opportunities to apply automation and DevSecOps thinking, via threat intelligence analysis, security orchestration, and other operational efficiencies
• Contribute to the administration of cybersecurity tools needed to achieve the cybersecurity mandate (SIEM, DLP, IAM, PAM, EPP/EDR, MDM, etc.)
• Maintain current knowledge of new products and industry trends, and recommends enhancements and purchases that allow CFS to maintain a healthy and functional environment
• Provide technical consulting to management, business users, and technical associates to ensure that applications and platforms are secure
• Architect, design, implement, maintain and operate information system security controls and countermeasures; documents the operation, use, and expected outputs of these systems
• Analyze and recommend security controls and procedures in business processes related to use of information systems and assets, and provides oversight to ensure compliance and alignment with security standards/frameworks (NIST 800-53)
• Help promote a culture of cybersecurity awareness via outreach and training

Benefits

Salary range for this full-time position + equity + benefits