Static Code Analysis - Cyber Engineer

  • Bloomington, IN
  • Posted 31 days ago | Updated 31 days ago

Overview

On Site
Depends on Experience
Full Time
10% Travel

Skills

DevSecOps practices
Strong scripting
programming
POA&Ms
STIG

Job Details

TRISTAR is seeking a Static Code Analysis - Cyber Engineer for our upcoming government customer in Bloomington, IN.

Position Description:

  • Analyze and review the existing IA/cyber security documentation, implementation, and testing, and provide recommendations for changes/updates
  • Provide extensive knowledge and capability in the use of static code analysis tools such as SonarQube and in the adjudication of findings
  • Provide software support for container and Kubernetes hardening in compliance with the RAISE 2.0 Implementation Guide, the NSA & CISA Kubernetes Hardening Guidance v1.1, and the DISA Container Hardening Guide v1.1

Position Responsibilities:

  • Analyze static code to identify and mitigate security vulnerabilities
  • Maintain and update POA&Ms to track and prioritize security measures
  • Perform STIG checklists to ensure compliance with security standards
  • Interface with customers to provide timely updates, guidance, and information on application security
  • Collaborate with cross-functional teams to implement and enforce security best practices
  • Stay abreast of the latest security trends, threats, and technologies to continuously improve security measures

Position Requirements:

  • Experience as a software developer/engineer. Able to understand and analyze code, preferably from a C# perspective
  • Proven experience in application security, including analyzing static code
  • Strong knowledge of POA&Ms and experience in maintaining and updating them
  • Familiarity with STIG checklists and the ability to perform security assessments
  • Excellent communication skills with the ability to interface with customers effectively
  • Knowledge of industry-standard security frameworks and best practices
  • Relevant certifications such as CISSP, CSSLP, or equivalent are a plus
  • Must have active Secret Clearance or the ability to obtain one

Preferred Skills:

  • Experience with automated security testing tools
  • Familiarity with DevSecOps practices
  • Strong scripting and programming skills

Education and Certification:

  • Bachelor's degree in Computer Science, Information Security, or related field
  • IAT Level II certification under DoD 8570 (for example, CompTIA Security Plus) or willingness to obtain one prior to start date


COVID Policy: TRISTAR does not require COVID-19 vaccinations or boosters. Customer site vaccination requirements must be followed in accordance with contract when work is performed at a customer site.


TRISTAR is an Equal Opportunity Employer with a commitment to diversity. All individuals, regardless of personal characteristics, are encouraged to apply. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, gender identity, disability or veteran status.