Staff Application Security Engineer

Senior • On-site

150,000 - 173,004 USD/yr

Washington, DC

About the role

The Nuclear Company is searching for an Application Security Engineer to help secure the software, data systems, and developer workflows that power the Nuclear Operating System, internal platforms, and mission-critical applications. This is a high-ownership role for a builder comfortable reviewing architecture, threat modeling APIs, improving GitHub security controls, and partnering with engineers to ship secure software quickly.

You will work across engineering, data, infrastructure, and operations to embed security into how software is designed, built, tested, and deployed. You will define secure development standards, review product designs, harden CI/CD workflows, and guide vulnerability remediation in a practical, risk-based way.

Responsibilities

Application & Product Security

Perform security reviews and threat models for NOS modules, internal tools, APIs, data workflows, AI-enabled features, and cloud-connected applications.
Identify and remediate risks across authentication, authorization, tenant isolation, input validation, secrets handling, encryption, logging, and data access.
Review application designs and code changes for security issues before production.
Define reusable security patterns for web applications, APIs, mobile workflows, internal platforms, and data-heavy systems.
Establish secure-by-default approaches for regulated, high-consequence infrastructure.

Secure SDLC & Developer Enablement

Build and improve DevSecOps practices across the GitHub-based SDLC including code scanning, dependency review, secret scanning, branch protections, and CI/CD hardening.
Create secure templates, automation, documentation, and lightweight review processes.
Triage findings from SAST, SCA, secret scanning, penetration tests, and code reviews.
Develop vulnerability management workflows and remediation guidance.
Support secure coding education through reviews and developer collaboration.

Platform, Cloud & Data Security

Secure AWS workloads, infrastructure-as-code, integrations, data pipelines, and deployments.
Review integrations involving Palantir Foundry, partner APIs, and AI-assisted workflows.
Protect sensitive data flows across environments.
Ensure logging and security signals support investigation and response.
Navigate cybersecurity expectations in a regulated nuclear environment.

Cross-Functional Partnership

Partner with engineers, product managers, and stakeholders.
Communicate risk clearly while balancing delivery speed.
Contribute to the product security roadmap as systems scale.
Promote ownership, velocity, and technical rigor.

Experience

4+ years in application or software security.
Experience securing web applications, APIs, distributed systems, or cloud-native services.
Strong understanding of authentication, authorization, injection, SSRF, insecure deserialization, secrets exposure, dependency risk, and API security.
Experience with GitHub Advanced Security, CodeQL, Dependabot, SAST, SCA, secret scanning, and CI/CD security.
Ability to read at least one of: Python, TypeScript, Go, Java, C#, or C++.
Familiarity with AWS IAM, encryption, logging, networking, secrets management, and infrastructure-as-code.
Strong communication skills and offensive security mindset.

Preferred Qualifications

Experience in regulated or mission-critical environments.
Familiarity with AI-assisted development, LLM applications, and prompt injection risks.
Experience with vulnerability management, DAST, penetration testing, or incident response.
Knowledge of OWASP ASVS, OWASP Top 10, OWASP API Security Top 10, NIST CSF, NIST 800-53, SOC 2, IEC 62443, or NERC CIP.
Security certifications such as AWS Certified Security – Specialty or OSWE.

Benefits

Competitive compensation packages
401k with company match
Medical, dental, vision plans
Generous vacation policy plus holidays

Estimated Starting Salary Range

$150,000 - $173,000 annually, less applicable withholdings and deductions, paid bi-weekly. Actual salary may vary based on experience, qualifications, location, certifications, and other relevant factors.

EEO Statement

The Nuclear Company is an equal opportunity employer committed to an inclusive workplace. Discrimination in any aspect of employment is prohibited.

Export Control

Certain positions may involve access to information and technology subject to U.S. export controls, which may limit consideration of some applicants.

The Nuclear Company

The Nuclear Company is a rapidly growing startup operating in the nuclear energy sector, focused on transforming how nuclear reactors are built and deployed. It is pioneering a fleet-scale, “design-once, build-many” approach to reactor construction, aiming to accelerate nuclear development across the United States and globally. The company’s mission centers on delivering safe, reliable, and cost-effective electricity while revitalizing and modernizing the nuclear industry. It emphasizes collaboration with communities, regulators, and financial stakeholders, and operates within highly regulated, critical infrastructure environments. Distinguished by its blend of advanced engineering and software-driven systems, The Nuclear Company is committed to innovation, safety, scalability, and long-term energy resilience.

Check if your resume is ATS-ready before applying →Build an ATS-optimized resume