Staff Application Security Engineer

About the role

The Nuclear Company is searching for an Application Security Engineer to help secure the software, data systems, and developer workflows that power our Nuclear Operating System, internal platforms, and mission-critical applications. This is a high-ownership role for a builder who is equally comfortable reviewing application architecture, threat modeling an API, improving GitHub security controls, and partnering directly with engineers to ship secure software quickly. You will work across product engineering, platform engineering, data science, infrastructure, and operations to embed security into the way we design, build, test, and deploy software. You will help define secure development standards, review high-impact product designs, harden CI/CD workflows, and guide teams through vulnerability remediation in a practical, risk-based way. This role reports to the Senior Manager for Application and Product Security.

Responsibilities

• Application & Product Security
• Perform security reviews and threat models for NOS modules, internal tools, APIs, data workflows, AI-enabled features, and cloud-connected applications.
• Partner with engineering teams to identify and remediate risks across authentication, authorization, tenant isolation, input validation, secrets handling, encryption, logging, and data access.
• Review application designs and code changes for security issues before they become production risk.
• Define reusable security patterns for web applications, APIs, mobile workflows, internal platforms, and data-heavy systems.
• Help establish secure-by-default approaches for applications that support regulated, high-consequence infrastructure.
• Secure SDLC & Developer Enablement
• Build and improve DevSecOps practices across the GitHub-based software development lifecycle, including code scanning, dependency review, secret scanning, branch protections, CI/CD hardening, and secure developer workflows.
• Partner with engineering teams to create paved roads: secure templates, checklists, automation, documentation, and lightweight review processes that help teams move faster with confidence.
• Triage and prioritize application security findings from SAST, SCA, secrets scanning, penetration tests, code reviews, and internal assessments.
• Develop pragmatic vulnerability management workflows, remediation guidance, and engineering-facing metrics.
• Support secure coding education through design reviews, office hours, documentation, and hands-on partnership with developers.
• Platform, Cloud & Data Security
• Collaborate with cloud and platform engineers to secure AWS workloads, infrastructure-as-code, service integrations, data pipelines, and deployment workflows.
• Review integrations involving Palantir Foundry, partner APIs, internal data platforms, and AI-assisted engineering workflows.
• Help secure sensitive data flows across application, platform, and operational environments.
• Partner with infrastructure and developer teams to ensure application events, audit logs, and security signals are captured in ways that support investigation and response.
• Navigate the security expectations of a regulated nuclear energy environment, including relevant cybersecurity frameworks and critical infrastructure considerations.
• Cross-Functional Partnership
• Serve as a trusted security partner to software engineers, product managers, data engineers, infrastructure teams, and business stakeholders.
• Communicate risk clearly and practically, balancing security, delivery speed, product usability, and operational impact.
• Contribute to the application and product security roadmap as the company scales from early-stage systems to fleet-scale operations.
• Help build a culture of ownership, velocity, and technical rigor across engineering and cybersecurity.

Requirements

• 4+ years of experience in application security, product security, software security, or software engineering with a strong security focus.
• Hands-on experience reviewing, building, or securing modern software systems, including web applications, APIs, distributed systems, or cloud-native services.
• Strong understanding of common application security risks, including authentication, authorization, access control, injection, insecure deserialization, SSRF, secrets exposure, dependency and supply chain risk, and insecure API design.
• Experience with secure SDLC tooling and workflows such as GitHub Advanced Security, CodeQL, Dependabot, SAST, SCA, secret scanning, CI/CD security, or equivalent

Additional Information

The Nuclear Company is the fastest growing startup in the nuclear and energy space creating a never before seen fleet-scale approach to building nuclear reactors. Through its design-once, build-many approach and coalition building across communities, regulators, and financial stakeholders, The Nuclear Company is committed to delivering safe and reliable electricity at the lowest cost, while catalyzing the nuclear industry toward rapid development in America and globally.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at thenuclearcompany? Share your experience