Senior Application Security

The Space Telescope Science Institute (STScI) is a multi-mission science operations center for NASA’s flagship observatories. Our world-class astronomical research center is based on the Johns Hopkins University Homewood campus in Baltimore, Maryland. We are seeking a Senior Application Security & Cloud Engineer to join our growing Cloud Center of Excellence central engineering team working on NASA flagship Space Telescope missions that are revolutionizing our understanding of the universe. This position can support hybrid work. Candidates must reside in or be willing to relocate to our local market. (MD, DE, VA, PA, DC & WV). This position requires US Citizenship or Permanent Residence in order to meet ITAR requirements.In this role, you'll play a key role in building secure, scalable cloud environments and embedding application security practices into our cloud software delivery lifecycle supporting our space observatories like the Hubble Space Telescope, the James Webb Space Telescope and the Nancy Grace Roman Space Telescope (Roman). Roman is a survey telescope slated for launch in late 2026 and expected to generate 20 PB of data in 5 years. The data from Roman will be mainly processed in the Cloud; in addition, a Science Platform hosted in the Cloud will enable transformational science with Roman data by providing a rich computing environment that will allow broad, low-barrier access to data, computing, and software resources. The STScI also hosts the Mikulski Archive for Space Telescopes (MAST) archive that contains data from more than 20 missions. In this role you will collaborate with cross-functional teams to design, deploy, and maintain secure cloud architecture, automate security processes, and ensure compliance with industry regulations and best practices. Your expertise in AWS cloud infrastructure automaton, Infrastructure as Code (IaC), and DevOps principles will be vital in supporting Roman & enabling world-class scientific discoveries through these pioneering telescope programs. This role will be part of the Cloud Center of Excellence (CCoE) team responsible for managing, supporting central cloud framework, existing cloud applications and helping roll out new cloud application infrastructure with IaC templates in coordination with the engineering teams and supporting continued improvement of the cloud environment. The ideal candidate brings a strong background in AWS, DevOps, and application security (AppSec), along with hands-on experience with leading security testing tools. Responsibilities: Design, implement, and maintain secure AWS cloud infrastructure using Infrastructure as Code. Build and optimize CI/CD pipelines to ensure secure, reliable application delivery. Own and enhance AWS cloud workload related CI/CD pipelines framework, ensuring SAST, DAST, SCA, and container scans are embedded into every deployment. Partner with development teams to shift security left, and address vulnerabilities early in the SDLC and promote secure coding practices. Automate security policies, compliance checks, and remediation workflows. Collaborate with cross-functional teams to champion DevSecOp culture across the organization. Support compliance initiatives (SOC2, ISO27001 etc.). Required Qualifications: 8+ years of experience in cloud engineering, DevOps, or security engineering. Strong AWS expertise (IAM, VPC, EC2, EKS/ECS, S3, RDS, Lambda). Familiarity with Zero Trust, IAM best practices, secrets management, and KMS. Proven experience with Infrastructure as Code (Terraform, AWS CDK, CloudFormation). Hands-on experience with CI/CD platforms (Jenkins, GitHub Actions, GitLab CI, or AWS CodePipeline). Familiarity with containers and orchestration (Docker, Kubernetes, EKS). Application security expertise, with practical knowledge of SAST, DAST, and SCA tools (Snyk, Checkmarx, Veracode, SonarQube). Understanding of security frameworks and best practices (OWASP, NIST, CIS benchmarks). Strong scripting/automation skills (Python, Bash, or similar). Preferred Qualifications: AWS Professional or Specialty certifications (e.g., AWS Certified Security, DevOps Engineer – Professional). Experience with secrets management tools (HashiCorp Vault, AWS Secrets Manager). Exposure to SOAR platforms or automated security response systems. Education: Bachelor’s degree in Information Technology, Computer Science, or related field Employer retirement contribution – direct STScI contribution of 10% of your salary from your first day 12 days sick leave, up to 24 days’ vacation, and 10 paid holidays Flexible work schedule with healthywork/life balance Comprehensive medical/dental/vision/prescription plans, and more Salary range is $110k to $140k. Application link - Applications received by12/26/2025will receive full consideration. Applications received after this date will be considered until the position is filled.