Vidoori is a digital transformation leader recognized for delivering excellence in cloud and software solutions. As we expand our security engineering capabilities, we are seeking an experienced Security Software Developer to join our team. This role offers the opportunity to design, build and maintain secure software components and developer-focused security tooling, and to collaborate across engineering, product and security teams within an inclusive environment that values continuous learning and practical innovation.
Role Overview - Security Software DeveloperReporting to senior technical leadership, the Security Software Developer will design and implement security features, libraries and automation that integrate into our software delivery lifecycle. The role combines hands on secure coding with collaboration across application, platform and security teams to reduce risk, improve runtime protection and embed security earlier in development. You will work closely with developers, platform engineers and security colleagues to deliver production-ready, secure software and to continuously improve tooling, processes and developer experience.
Key Responsibilities - Secure Development and ToolingDesign, implement and maintain security libraries, SDKs and application-level protections that are secure by design and easy for engineers to adopt.
Develop and integrate security automation and developer tooling into CI/CD pipelines to support shift-left security, automated scanning and feedback loops.
Build runtime defence capabilities such as input validation, secure authentication/authorisation flows, secrets handling, and secure configuration management.
Author and maintain static and dynamic analysis integrations, custom rules or detectors, and remediation guidance to reduce vulnerability introduction and speed up fixes.
Collaborate with application teams to threat-model, define security controls and ensure secure implementation of features across the development lifecycle.
Contribute to secure CI/CD patterns, signing and verification of artifacts, and supply-chain protections to improve provenance and integrity of releases.
Implement logging, telemetry and alerting for security-related events and provide actionable context to support incident detection and response.
Participate in vulnerability triage, root cause analysis and coordinated remediation; contribute to post-incident reviews and preventative measures.
Produce clear developer-focused documentation, secure coding guidelines and runbooks to improve team capability and promote consistent practices.
Engage in threat research and proof-of-concept work to evaluate new defensive techniques, open-source tools and runtime protections.
Bachelor's degree in Computer Science, Engineering or a related discipline, or equivalent practical experience.
Proven experience (typically 3-7 years) in software development with a focus on security, secure design or security engineering within cloud-native environments.
Strong programming skills in one or more languages commonly used for backend and tooling (e.g., Python, Go, Java, C#) and experience producing well-tested, maintainable code.
Experience integrating security tooling (SAST, DAST, SCA, dependency scanning) into CI/CD pipelines and developing custom checks or rules.
Solid understanding of authentication and authorisation standards (OAuth2, OpenID Connect, JWT), secrets management, cryptography basics and secure session handling.
Familiarity with container and orchestration environments (Docker, Kubernetes) and practical experience implementing runtime security controls and image hardening.
Experience with cloud platforms (AWS, Azure or GCP) and applying platform security best practices (IAM, network controls, KMS, secrets stores).
Good knowledge of secure development lifecycle concepts, threat modelling, and common vulnerability classes (OWASP Top Ten, SANS CWE).
Excellent communication skills with the ability to explain security concepts to developers and stakeholders and to produce clear technical documentation.
Professional security certifications (CISSP, CSSLP, OSCP, CEH or cloud provider security certs) are advantageous.
Experience with policy-as-code and enforcement (OPA, Gatekeeper), runtime protection (WAF, RASP, eBPF-based tooling) or service mesh security patterns.
Familiarity with secure software supply chain practices, artifact signing, SBOMs and reproducible builds.
Practical experience contributing to open-source security projects or developing community-facing security tools.
Background in incident response, forensic analysis or red/blue team exercises and knowledge of common detection strategies.
Competitive base salary with performance-related bonus and incentives linked to technical and delivery outcomes.
Flexible working arrangements, including hybrid options to support a healthy work-life balance.
Supportive and inclusive culture with investment in professional development, training, and mentorship opportunities.
Opportunity to influence security strategy, adopt emerging defensive technologies and progress into senior technical or security leadership roles.
Work on high-impact security and software engineering engagements across public sector and commercial clients.
Location: Hybrid (DMV Area)
Employment Type: Full-time, mid to senior-level
Eligibility: U.S. Citizenship Required
Join Vidoori as a Security Software Developer and help us build secure, resilient and developer-friendly software. If you are pragmatic, collaborative and passionate about embedding security into the software delivery lifecycle, we encourage you to apply and contribute to a team dedicated to technical quality and inclusive growth.