Security Software Engineer

  • 60k - 105k
  • Rockville, MD, USA
  • Permanent, Full time
  • MThree Consulting
  • 23 May 19

Mthree is proud to partner with a well-known financial services organization based out of Rockville, MD to provide experienced (2 - 5 years) Security Software Engineers to work onsite for a 12-month contract to hire.

The appointed Security Engineers will assist the engineering teams to identify and satisfy security requirements in their software throughout the software development lifecycle. They are responsible for equipping teams with the skills and tools required to perform threat modeling and identify/defend against common OWASP Top-10 vulnerabilities. This is accomplished via embedding engineering engagements wherein the security engineer participates in team SDLC activities and pairs up with developers and testers over multiple sprints.


  • Identify and prioritize security requirements deficiencies via threat modeling
  • Design practical strategies to fully satisfy or partially compensate the associated risks of the identified threats
  • Develop a test plan to verify that security requirements have been satisfied, incorporating functional testing and commercial penetration testing tools
  • Automate security tests in Java using tools such as Selenium, REST Assured
  • Assist teams in incorporating security best practices into their sprint activities
  • Educate stakeholders in the engineering team to be able to perform the above activities
  • Design and develop engineering tools to solve common security engineering problems that development teams are facing

Education and Experience


  • Bachelors or Masters in Computer Science, Computer Engineering, or a related field
  • 2+ years of cumulative experience in software development and/or test automation
  • Hands-on experience with object-oriented programming in Java (preferred), C#, or Ruby
  • Solid understanding of common security threats facing the software industry (OWASP Top-10)
  • Basic penetration testing experience using common tools (ex: Burp, Zap)
  • Firm grasp of common software development lifecycles (ex: Agile Scrum, TDD)
  • Demonstrated understanding and application of algorithms to test solutions.
  • Ability to communicate effectively with security novices
  • Firm grasp of SQL and relational database design