Application Compliance & Security Lead

Are you an authority in application security and compliance requirements, with experience in software development and tooling like SAST, DAST, and vulnerability analysis?

Do you thrive in an innovative environment where you can translate complex compliance requirements into practical guidance that empowers development teams?

If so, we'd love to have someone like you join our team at APL!

We are seeking an Application Security Leader to help us ensure our applications meet industry security standards while enabling our developers to work efficiently. You'll be joining our enterprise applications team as the primary authority on application security and CMMC compliance, working at the intersection of compliance requirements, development practices, and security tooling. Our team builds and supports critically important applications across the laboratory, and you'll play a key role in building a security-minded and developer-friendly culture. You'll work with dedicated developers, information protection specialists, and compliance experts who are passionate about protecting sensitive information while delivering innovative solutions.

As an Application Compliance & Security Lead...

Foremost, you will be driving CMMC compliance strategy across our application portfolio, translating sophisticated requirements into actionable security controls that development teams can understand and implement.

• You'll serve as the go-to resource for application teams on security and compliance matters, providing practical guidance on secure development practices and helping teams navigate CMMC, NIST 800-171, SSDF, and DFARS requirements.
• You'll implement and maintain application security tooling including SAST, DAST, SBOM vulnerability analysis, container scanning, and dependency management, integrating these tools into CI/CD pipelines and DevSecOps workflows.
• You'll guide service and project managers through compliance requirements with concrete, SDLC-relevant examples, evaluating data security needs and establishing realistic security boundaries.
• You'll integrate security reviews into agile sprints, remove process bottlenecks by collaborating with GRC and InfoSec teams, and maintain compliance documentation for application security controls.
• You'll train and mentor developers on secure coding standards, conduct security assessments to identify vulnerabilities,

You meet our minimum qualifications for the job if you...

• Have a Bachelor's degree in Computer Science, Information Technology, or similar technical majors.
• 5+ years in cybersecurity, GRC, or compliance and DevSecOps
• Have solid knowledge of the CMMC framework, NIST SP 800-171, SSDF, and/or DFARS requirements, with proven ability to translate compliance frameworks into technical security controls.
• Have software development experience in .NET, Java, Python, or similar languages with a solid grasp of the software development lifecycle.
• Have experience implementing SAST, DAST, SCA, and SBOM tools such as SonarQube, Checkmarx, Veracode, Snyk, or OWASP ZAP.
• Have experience integrating security into CI/CD pipelines using tools like GitLab CI or Azure DevOps, with strong DevSecOps and shift-left security principles.
• Can lead cross-team initiatives and influence without formal authority, with excellent communication skills for both technical and non-technical audiences.
• Are able to obtain a Secret level security clearance. If selected, you will be subject to a government security clearance investigation and must meet the requirements for access to classified information. Eligibility requirements include U.S. citizenship.

You'll go above and beyond our minimum requirements if you...

• Have DoD or federal contractor experience with active compliance programs.
• Have led technical teams in development or security roles.
• Hold certifications such as CSSLP, CISSP, Security+, CMMC CCP/RP, CEH, or GIAC.
• Have cloud security experience with AWS, Azure, or GCP.

Why Work at APL?

The Johns Hopkins University Applied Physics Laboratory (APL) brings world-class expertise to our nation's most critical defense, security, space and science challenges. While we are dedicated to solving complex challenges and pioneering new technologies, what makes us truly outstanding is our culture. We offer a vibrant, welcoming atmosphere where you can bring your authentic self to work, continue to grow, and build strong connections with inspiring teammates.

At APL, we celebrate our differences of perspectives and encourage creativity and bold, new ideas. Our employees enjoy generous benefits, including a robust education assistance program, unparalleled retirement contributions, and a healthy work/life balance. APL's campus is located in the Baltimore-Washington metro area. Learn more about our career opportunities athttp://www.jhuapl.edu/careers.

All qualified applicants will receive consideration for employment without regard to race, creed, color, religion, sex, gender identity or expression, sexual orientation, national origin, age, physical or mental disability, genetic information, veteran status, occupation, marital or familial status, political opinion, personal appearance, or any other characteristic protected by applicable law.APL is committed to providing reasonable accommodation to individuals of all abilities, including those with disabilities. If you require a reasonable accommodation to participate in any part of the hiring process, please contactAccommodations@jhuapl.edu.

The referenced pay range is based on JHU APL's good faith belief at the time of posting. Actual compensation may vary based on factors such as geographic location, work experience, market conditions, education/training and skill level with consideration for internal parity. For salaried employees scheduled to work less than 40 hours per week, annual salary will be prorated based on the number of hours worked. APL may offer bonuses or other forms of compensation per internal policy and/or contractual designation. Additional compensation may be provided in the form of a sign-on bonus, relocation benefits, locality allowance or discretionary payments for exceptional performance. APL provides eligible staff with a comprehensive benefits package including retirement plans, paid time off, medical, dental, vision, life insurance, short-term disability, long-term disability, flexible spending accounts, education assistance, and training and development. Applications are accepted on a rolling basis.