
Careers at Teramis

Python Developer – Data Extraction & Security Testing 

Teramis | Remote | Full-Time 

About the Role

We are looking for a Python Developer to join the Teramis product engineering team. Teramis is a cybersecurity data platform purpose-built to help organizations discover and protect DoD Controlled Unclassified data across complex enterprise environments. Day to day, you will write and maintain Python-based data extractors, track down and fix bugs, validate that our code meets security standards using SAST and DAST tooling, and collaborate with the team through GitHub-based workflows. 

This is a hands-on engineering role. You will write, own, debug, and defend real code. We are not looking for someone who can prompt an AI tool into producing output; we are looking for an engineer who understands what the code does, why it is structured the way it is, and what happens when it breaks. 

NOTE

This role requires demonstrable, first-principles coding ability. Candidates are expected to write, explain, and debug code during the interview process without AI assistance. If you cannot articulate the reasoning behind your design decisions or walk through code line by line, this is not the right role. 

Key Responsibilities 

Data Extractor Development 

  • Write and maintain Python-based extractors that collect, parse, and normalize data from diverse sources: file systems, databases, REST APIs, cloud storage (AWS S3, Azure Blob, GCP GCS), email systems, and endpoint agents. 

  • Build parsers for structured and unstructured content types (JSON, XML, CSV, Office documents, PDF, binary formats) with thorough error handling and edge-case coverage. 

  • Optimize extraction pipelines for throughput and correctness; understand the performance tradeoffs of your implementation choices and be able to explain them. 

  • Implement robust retry logic, backoff strategies, and fault tolerance so extractors behave predictably under real-world conditions. 

Bug Detection & Remediation 

  • Identify, reproduce, isolate, and fix bugs in existing extractor code and platform components using structured debugging techniques, debuggers, profilers, logging, and systematic root-cause analysis. 

  • Triage bug reports from QA and internal stakeholders, assess severity and impact, and prioritize remediation accordingly. 

  • Write regression coverage for fixed bugs to prevent recurrence. 

  • Communicate clearly about what a bug is, what caused it, and what the fix does, not just that it is resolved. 

Secure Code Validation (SAST & DAST) 

  • Run and interpret results from SAST tools (Bandit, Semgrep, SonarQube, or equivalent) as part of the standard development workflow; assess findings with informed judgment and act on those that represent genuine risk. 

  • Execute DAST scans against Teramis API surfaces and extractor endpoints using tools such as OWASP ZAP or Burp Suite; document findings and work with the team to remediate. 

  • Understand common vulnerability classes (OWASP Top 10, CWE/SANS Top 25) well enough to recognize them in code review, not just in automated scan output. 

  • Contribute to security validation checklists and participate in pre-release security review gates. 

GitHub & Collaborative Development 

  • Work within the team’s GitHub-based workflow: branching strategy, pull requests, code reviews, and maintaining a clean, meaningful commit history. 

  • Conduct and receive code reviews with substantive technical feedback, catching logic errors, security weaknesses, and maintainability issues, not just style nits. 

  • Maintain and update technical documentation alongside code changes so the codebase stays understandable. 

  • Participate in architecture and design discussions with working knowledge, not just familiarity. 

Required Qualifications

  • 3+ years of professional Python development experience shipping production software, not academic or tutorial projects. 

  • Extractor or parser experience: you have built data ingestion, ETL, or parsing pipelines and can speak in detail to the design choices, failure modes, and performance characteristics of what you built.

  • CS fundamentals: solid working knowledge of data structures (trees, graphs, queues, hash maps), algorithm complexity (Big-O), and memory management. You can reason through a problem from first principles without looking it up. 

  • Debugging discipline: you use debuggers, profilers, and structured isolation to find bugs, not trial-and-error copy-paste. You can debug code you did not write. 

  • SAST/DAST experience: hands-on use of at least one SAST tool (Bandit, Semgrep, SonarQube, or similar) and one DAST tool (OWASP ZAP, Burp Suite, or similar). You can read scan output critically and distinguish genuine risk from noise. 

  • GitHub proficiency: branching, pull requests, code review, resolving merge conflicts, and maintaining a clean commit history. You treat version control as part of the engineering discipline, not an afterthought. 

  • Working knowledge of OWASP Top 10 and CWE/SANS Top 25 vulnerability classes, sufficient to recognize them in code, not just in a scan report. 

  • Experience consuming REST APIs and handling authentication schemes (OAuth 2.0, API keys, JWT) at the code level. 

  • Proficiency with Python concurrency (threading, multiprocessing, asyncio) and an understanding of when each is appropriate. 

  • Working knowledge of Linux/Unix environments and shell scripting. 

  • U.S. citizenship or permanent residency required. 

IMPORTANT

We are not looking for developers who rely on AI code generation tools as a primary means of producing code. Candidates must be able to write Python fluently by hand, explain every design decision they make, and debug code they did not write. AI tools may be used as a productivity aid for documentation or research, not as a substitute for engineering knowledge. Interview exercises will be conducted without AI assistance. 

Required Qualifications

  • Experience building data discovery, classification, or DLP tooling. 

  • Familiarity with file format internals (Office Open XML, PDF structure, email MIME) at the byte or object level. 

  • Experience with cloud-native data sources: S3, Azure Blob Storage, Google Cloud Storage, SharePoint Online, OneDrive. 

  • Knowledge of containerization and writing production-ready Docker images. 

  • Experience with GitHub Actions for CI/CD pipeline automation, including integrating SAST scans into the build pipeline. 

  • Familiarity with threat modeling approaches (STRIDE, MITRE ATT&CK) as they relate to data pipelines. 

  • Relevant certifications: CSSLP, GWAPT, or CompTIA Security+. 

  • Experience with FedRAMP authorization processes or operating within a FedRAMP-authorized environment is not required but is a significant differentiator. 

What to Expect in Our Interview Process 

Our process is designed to assess real engineering ability. We do not rely solely on behavioral interviews or take-home projects that can be outsourced. Expect the following: 

  • Technical screen: a live conversation about your past work, with detailed questions about extractors or parsers you have built and the decisions behind them. 

  • Live coding exercise: conducted in a shared editor without AI tools. You will write Python, walk through it verbally, and debug a provided code sample. 

  • SAST/DAST exercise: you will be given scan output from a real tool and asked to evaluate the findings, identify which represent genuine risk, and describe how you would remediate them. 

  • Code review exercise: you will review a Python code sample and provide substantive feedback on correctness, security weaknesses, and maintainability. 

Candidates who can speak fluently to what they have built, why it is designed the way it is, and how they would change it today will do well. Candidates who cannot explain code they claim to have written will not advance. 

Work Environment & Expectations

  • Fully remote; must be based in the United States. 

  • Must maintain a secure, dedicated workspace. 

  • All work is performed under NDA; discretion and professional judgment are non-negotiable. 

Equal Opportunity Employer

We are an equal opportunity employer committed to building a diverse team. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. 

Apply Today!
