As the Software Security Engineer, you will manage risk and maintain the security of our cloud-based applications and software supporting Department of Defense (DoD) programs. You will be responsible for software security risk management, developing threat models, performing testing and analysis, and ensuring software compliance with DoD cybersecurity and privacy policies.
DUTIES & RESPONSIBILITIES:
•Establish and manage processes and procedures consistent with DoD DevSecOps and Security Development Lifecycle for Agile Development (SDL-Agile), and ensure application security requirements are addressed during each phase of the development pipeline.
•Translate security requirements into application design elements including documenting the software attack surfaces, conducting threat modeling, and defining any specific security criteria.
•Analyze security needs and software requirements to determine feasibility of design within time and cost constraints and security mandates, e.g. NIST 800-53, STIGs, SRGs.
•Perform risk analysis (e.g., threat, vulnerability, probability of occurrence) whenever a software application undergoes a major change.
•Apply coding and testing standards, apply security testing tools (including "fuzzing" and static-analysis code scanning tools), conduct code reviews, and apply secure code documentation, e.g., Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Penetration Testing, etc.
•Conduct trial runs of programs and software applications to ensure the desired information is produced and instructions and security levels are correct.
•Perform secure program testing, review, and/or assessment to identify potential flaws.
•Support the Information System Security Officer (ISSO) in the testing and application of applicable Security Technical Instruction Guides (STIG) and Security Requirements Guides (SRG).
Requirements
EDUCATION AND EXPERIENCE:
•B.A. or B.S. degree. Five years of direct relevant experience in a similar role may be substituted for degree
•3-10 years of development experience, including 2 years in a similar role
•IAM/IAT Level III certification
•Microsoft .NET C#, and SQL experience
•SAST, DAST, and penetration testing experience
KNOWLEDGE AND QUALIFICATIONS:
•Experience applying cybersecurity principles and methods that apply to software development.
•Knowledge of programming language structures and logic.
•Knowledge of secure configuration management techniques.
•Knowledge of software debugging principles, design tools, methods, and techniques.
•Knowledge of software development models and secure coding techniques.
•Knowledge of system and application security threats and vulnerabilities.
•Knowledge of system design tools, methods, and techniques, including automated systems analysis and design tools.
•Knowledge of root cause analysis techniques and skill in performing root cause analysis.
•Knowledge of Personally Identifiable Information (PII) data security standards.
•Knowledge of security architecture concepts and enterprise architecture reference models.
•Knowledge and experience of AWS GovCloud network and configuration standards.
•Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.
•Skill in using code analysis tools and integrating black box security testing tools.
•Skill in secure test plan design (e.g., unit, integration, system, acceptance).
•Skill in integrating Public-Key Infrastructure (PKI) encryption and digital signature capabilities into applications (e.g., S/MIME email, SSL traffic).
** FOR IMMEDIATE CONSIDERATION PLEASE SEND YOUR MOST UPDATED RESUME TO WESTON.WALKER@RHT.COM **
Technology doesn't change the world. People do.
As a technology staffing firm, we can't think of a more fitting mantra. We're extreme believers in technology and the incredible things it can do. But we know that behind every smart piece of software, every powerful processor, and every brilliant line of code is an even more brilliant person.
Leader among IT staffing agencies
The intersection of technology and people - it's where we live. Backed by more than 65 years of experience, Robert Half Technology is a leader among IT staffing agencies. Whether you're looking to hire experienced technology talent or find the best technology jobs, we are your IT expert to call.
We understand not only the art of matching people, but also the science of technology. We use a proprietary matching tool that helps our staffing professionals connect just the right person to just the right job. And our network of industry connections and strategic partners remains unmatched.
Apply for this job now or contact our branch office at 888-490-4429 to learn more about this position.
All applicants applying for U.S. job openings must be authorized to work in the United States. All applicants applying for Canadian job openings must be authorized to work in Canada.
2019 Robert Half Technology. An Equal Opportunity Employer M/F/Disability/Veterans.