Back to all jobs
- Seniority
- Staff
About the role
<p><span class="TextRun SCXW174644119 BCX0" lang="EN-US" data-contrast="auto"><span class="NormalTextRun SCXW174644119 BCX0">The Nuclear Company is the fastest growing startup in the nuclear and energy space creating a never before seen fleet-scale approach to building nuclear reactors. Through its design-once, build-many approach and coalition building across communities, regulators, and financial stakeholders, The Nuclear Company is committed to delivering safe and reliable electricity at the lowest cost, while catalyzing the nuclear industry toward rapid development in America and globally.</span></span></p>
<p><strong><span class="TextRun SCXW174644119 BCX0" lang="EN-US" data-contrast="auto"><span class="NormalTextRun SCXW174644119 BCX0">About the role</span></span></strong></p>
<p><span data-contrast="auto">The Nuclear Company is searching for an </span><strong><span data-contrast="auto">Application Security Engineer</span></strong><span data-contrast="auto"> to help secure the software, data systems, and developer workflows that power our Nuclear Operating System, internal platforms, and mission-critical applications. This is a high-ownership role for a builder who is equally comfortable reviewing application architecture, threat modeling an API, improving GitHub security controls, and partnering directly with engineers to ship secure software quickly.</span><span data-ccp-props="{}"> </span></p>
<p><span data-contrast="auto">You will work across product engineering, platform engineering, data science, infrastructure, and operations to embed security into the way we design, build, test, and deploy software. You will help define secure development standards, review high-impact product designs, harden CI/CD workflows, and guide teams through vulnerability remediation in a practical, risk-based way.</span><span data-ccp-props="{}"> </span></p>
<p><span data-contrast="auto">This role reports to the Senior Manager for Application and Product Security.</span></p>
<p><strong><span class="EOP SCXW174644119 BCX0" data-ccp-props="{"134245417":false,"201341983":0,"335559740":240}">Responsibilities</span></strong></p>
<p><strong><span data-contrast="none"><span data-ccp-parastyle="heading 3">Application & Product Security</span></span></strong><span data-ccp-props="{"134245418":true,"134245529":true,"335559738":160,"335559739":80}"> </span></p>
<ul>
<li data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Perform security reviews and threat models for NOS modules, internal tools, APIs, data workflows, AI-enabled features, and cloud-connected applications. </span><span data-ccp-props="{"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Partner with engineering teams to identify and remediate risks across authentication, authorization, tenant isolation, input validation, secrets handling, encryption, logging, and data access. </span><span data-ccp-props="{"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Review application designs and code changes for security issues before they become production risk. </span><span data-ccp-props="{"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Define reusable security patterns for web applications, APIs, mobile workflows, internal platforms, and data-heavy systems. </span><span data-ccp-props="{"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Help establish secure-by-default approaches for applications that support regulated, high-consequence infrastructure. </span><span data-ccp-props="{"335559739":0}"> </span></li>
</ul>
<p><strong><span data-contrast="none"><span data-ccp-parastyle="heading 3">Secure SDLC & Developer Enablement</span></span><span data-ccp-props="{"134245418":true,"134245529":true,"335559738":160,"335559739":80}"> </span></strong></p>
<ul>
<li data-leveltext="" data-font="Symbol" data-listid="4" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Build and improve DevSecOps practices across the GitHub-based software development lifecycle, including code scanning, dependency review, secret scanning, branch protections, CI/CD hardening, and secure developer workflows.</span><span data-ccp-props="{"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="4" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Partner with engineering teams to create paved roads: secure templates, checklists, automation, documentation, and lightweight review processes that help teams move faster with confidence. </span><span data-ccp-props="{"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="4" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Triage and prioritize application security findings from SAST, SCA, secrets scanning, penetration tests, code reviews, and internal assessments. </span><span data-ccp-props="{"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="4" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Develop pragmatic vulnerability management workflows, remediation guidance, and engineering-facing metrics. </span><span data-ccp-props="{"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="4" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Support secure coding education through design reviews, office hours, documentation, and hands-on partnership with developers. </span><span data-ccp-props="{"335559739":0}"> </span></li>
</ul>
<p><strong><span data-contrast="none"><span data-ccp-parastyle="heading 3">Platform, Cloud & Data Security</span></span><span data-ccp-props="{"134245418":true,"134245529":true,"335559738":160,"335559739":80}"> </span></strong></p>
<ul>
<li data-leveltext="" data-font="Symbol" data-listid="5" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Collaborate with cloud and platform engineers to secure AWS workloads, infrastructure-as-code, service integrations, data pipelines, and deployment workflows. </span><span data-ccp-props="{"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="5" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Review integrations involving Palantir Foundry, partner APIs, internal data platforms, and AI-assisted engineering workflows. </span><span data-ccp-props="{"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="5" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Help secure sensitive data flows across application, platform, and operational environments. </span><span data-ccp-props="{"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="5" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Partner with infrastructure and developer teams to ensure application events, audit logs, and security signals are captured in ways that support investigation and response. </span><span data-ccp-props="{"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="5" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Navigate the security expectations of a regulated nuclear energy environment, including relevant cybersecurity frameworks and critical infrastructure considerations. </span><span data-ccp-props="{"335559739":0}"> </span></li>
</ul>
<p><strong><span data-contrast="none"><span data-ccp-parastyle="heading 3">Cross-Functional Partnership</span></span></strong><span data-ccp-props="{"134245418":true,"134245529":true,"335559738":160,"335559739":80}"> </span></p>
<ul>
<li data-leveltext="" data-font="Symbol" data-listid="6" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Serve as a trusted security partner to software engineers, product managers, data engineers, infrastructure teams, and business stakeholders. </span><span data-ccp-props="{"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="6" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Communicate risk clearly and practically, balancing security, delivery speed, product usability, and operational impact. </span><span data-ccp-props="{"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="6" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Contribute to the application and product security roadmap as the company scales from early-stage systems to fleet-scale operations. </span><span data-ccp-props="{"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="6" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Help build a culture of ownership, velocity, and technical rigor across engineering and cybersecurity. </span><span data-ccp-props="{"335559739":0}"> </span></li>
</ul>
<p><strong><span data-ccp-props="{"134233117":false,"134233118":false,"134245417":false,"201341983":0,"335559738":0,"335559739":0,"335559740":240}">Experience</span></strong></p>
<ul>
<li data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">4+ years of experience in application security, product security, software security, or software engineering with a strong security focus. </span><span data-ccp-props="{"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Hands-on experience reviewing, building, or securing modern software systems, including web applications, APIs, distributed systems, or cloud-native services. </span><span data-ccp-props="{"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Strong understanding of common application security risks, including authentication, authorization, access control, injection, insecure deserialization, SSRF, secrets exposure, dependency and supply chain risk, and insecure API design. </span><span data-ccp-props="{"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Experience with secure SDLC tooling and workflows such as GitHub Advanced Security, CodeQL, Dependabot, SAST, SCA, secret scanning, CI/CD security, or equivalent platforms. </span><span data-ccp-props="{"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Ability to read and reason about code in at least one modern programming language such as Python, TypeScript, Go, Java, C#, or C++.</span><strong><span data-contrast="auto"> </span></strong><span data-ccp-props="{"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Familiarity with AWS security concepts, including IAM, logging, encryption, networking, secrets management, and infrastructure-as-code. </span><span data-ccp-props="{"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Strong communication skills and the ability to work directly with engineers to solve security problems without creating unnecessary friction. </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="8" data-aria-level="1"><span data-contrast="auto">Have a strong grasp of offensive security to anticipate risks from an adversary’s perspective, not just check compliance boxes. </span><span data-ccp-props="{"335559739":0}"> </span></li>
</ul>
<p><span data-contrast="none"><span data-ccp-parastyle="heading 2">Preferred Qualifications</span></span><span data-ccp-props="{"134245418":true,"134245529":true,"335559738":160,"335559739":80}"> </span></p>
<ul>
<li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Experience securing software in regulated, industrial, energy, national security, aerospace, medical, or other mission-critical environments.</span></li>
<li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Familiarity with AI-assisted development tools, LLM-enabled applications, prompt-injection risks, model/tool integrations, or AI software supply chain concerns. </span><span data-ccp-props="{"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Experience with vulnerability management, penetration testing, experience with DAST tools, or incident response. </span><span data-ccp-props="{"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Familiarity with frameworks or standards such as OWASP ASVS, OWASP Top 10, OWASP API Security Top 10, NIST CSF, NIST 800-53, SOC 2, IEC 62443, or NERC CIP. </span><span data-ccp-props="{"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Security certifications such as AWS Certified Security – Specialty or OSWE</span><span data-ccp-props="{"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Genuine interest in nuclear energy, critical infrastructure, hard-tech, and applying software security to physical systems. </span><span data-ccp-props="{"335559739":0}"> </span></li>
</ul>
<p><strong><span data-ccp-props="{"134233117":false,"134233118":false,"134245417":false,"201341983":0,"335559738":0,"335559739":0,"335559740":240}">Benefits</span></strong></p>
<ul>
<li><span data-ccp-props="{"134233117":false,"134233118":false,"134245417":false,"201341983":0,"335559738":0,"335559739":0,"335559740":240}">Competitive compensation packages</span></li>
<li><span data-ccp-props="{"134233117":false,"134233118":false,"134245417":false,"201341983":0,"335559738":0,"335559739":0,"335559740":240}">401k with company match</span></li>
<li><span data-ccp-props="{"134233117":false,"134233118":false,"134245417":false,"201341983":0,"335559738":0,"335559739":0,"335559740":240}">Medical, dental, vision plans</span></li>
<li><span data-ccp-props="{"134233117":false,"134233118":false,"134245417":false,"201341983":0,"335559738":0,"335559739":0,"335559740":240}">Generous vacation policy, plus holidays</span></li>
</ul>
<p><strong><span data-ccp-props="{"134233117":false,"134233118":false,"134245417":false,"201341983":0,"335559738":0,"335559739":0,"335559740":240}">Estimated Starting Salary Range<br></span></strong><span data-ccp-props="{"134233117":false,"134233118":false,"134245417":false,"201341983":0,"335559738":0,"335559739":0,"335559740":240}">The estimated starting salary range for this role is $150,000 - $173,000 annually less applicable withholdings and deductions, paid on a bi-weekly basis. The actual salary offered may vary based on relevant factors as determined in the Company’s discretion, which may include experience, qualifications, tenure, skill set, availability of qualified candidates, geographic location, certifications held, and other criteria deemed pertinent to the particular role. </span></p>
<p><strong><span data-ccp-props="{"134233117":false,"134233118":false,"134245417":false,"201341983":0,"335559738":0,"335559739":0,"335559740":240}">EEO Statement<br></span></strong><span data-ccp-props="{"134233117":false,"134233118":false,"134245417":false,"201341983":0,"335559738":0,"335559739":0,"335559740":240}">The Nuclear Company is an equal opportunity employer committed to fostering an environment of inclusion in the workplace. We provide equal employment opportunities to all qualified applicants and employees without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, veteran status, or any other protected characteristic. We prohibit discrimination in all aspects of employment, including hiring, promotion, demotion, transfer, compensation, and termination.</span></p>
<div><strong>Export Control</strong><br>Certain positions at The Nuclear Company may involve access to information and technology subject to export controls under U.S. law. Compliance with these export controls may result in The Nuclear Company limiting its consideration of certain applicants.</div>
<div> </div>
<div><strong>Recruiting Fraud Alert</strong><br>Your safety is our priority. We want to ensure your job search stays secure. Please note that the team at The Nuclear Company only communicates through official <strong>@thenuclearcompany.com</strong> email addresses. We will never ask for payments or sensitive financial information at any stage of our recruitment process. For your peace of mind, please verify all openings and submit your applications directly through <a href="https://www.thenuclearcompany.com/careers"><strong>our official careers page</strong></a>.</div>
Perks & benefits
- 401k
- Vision Insurance
- Pension Matching
747,000+ hidden jobs like this
The Nuclear Company and thousands of companies post here first — often days before LinkedIn or Indeed. Your first 5 applications are free; go Pro to apply without limits.
Everything Pro unlocks:
- Unlimited applications — free stops at 5
- Track every application in one place
- Apply straight to the source, one click
- Save & organize roles you love
- Roles pulled from company boards before the big sites
