Sr Software Security Developer / Analyst
- Job Title
- Sr Software Security Developer / Analyst
- Job ID
- Work From Home
- Washington DC, DC
- Other Location
We are looking to hire a Senior Software Security Developer/Analyst to support a full range of cyber security services on a long-term contract in Washington DC. The position is full time/permanent and will support a US Government civilian agency. The position is available immediately upon finding a qualified candidate with the appropriate background clearance.
As a Software Security Analyst Developer, you will analyze and implement a common framework to remedy the vulnerabilities detected during static application security testing (SAST), dynamic application security testing (DAST) and penetration testing across multiple IT applications. You will have in-depth experience across the Security and Compliance domain and the ability to apply this knowledge to drive Secure Solutions and best practices for Secure Software Development.
As a senior individual contributor, you will be responsible for reviewing application designs for security vulnerabilities and providing corrections as required. As a member of the Application Security team, you will work in a fast-paced environment focused on planning and managing security risk for critical applications.
· Excellent communication skills, both verbal and written, internal and customer facing.
· Practical on the job experience with AWS Cloud services.
· Develops architectural products and deliverables for the enterprise and operational business lines.
· Extensive knowledge of techniques, standards and capabilities for authentication and authorization, applied cryptography, security vulnerabilities and remediation
· Advises on selection of technological purchases with regards to processing, data storage, data access, and applications development.
· Demonstrated security development background in large scale enterprise systems
· Sets standards for the client/server relational database structure for the organization
· Advises management on the feasibility of potential future projects.
· Bachelor's degree in Computer Science, Information Technology, Cyber Security or related field, or equivalent combination of education and experience and training
· 10+ years of Software Development experience
· One or more of the following certifications:
o AWS Certified Solutions Architect
· Active Public Trust 6c clearance or higher or eligible for Public Trust 6c clearance
Additional Experience Preferred:
· Experience with governance, risk assessment and compliance for FISMA, FedRAMP, and NIST SP 800 series including NIST SP 800-37 and NIST SP 800-53, system security plans, security and privacy controls, POA&M management, assessment and authorization (A&A), Authority To Operate (ATO) and continuous monitoring processes
· Possesses the skills and applies a comprehensive knowledge across key tasks and high impact assignments.
· Plans and leads major technology assignments.
· Evaluates performance results and recommends major changes affecting short-term project growth and success.
· Experience functioning as a technical expert across multiple project assignments.
· Strong knowledge of the following compiled languages C, C++, C#, or Java
· Expertise in at least one scripting language such as PowerShell, Bash, Perl, Python
· Five or more years of hands-on experience in reviewing and providing security reviews for applications developed using the leading programming languages - C++, Java, Python, etc.
· Three or more years of experience with OWASP, SANS, NIST frameworks.
· Self-directed ability to drive change & manage multiple projects
· Three or more years of hands-on experience with vulnerability scanning toolkits like Fortify, Tenable, ShiftLeft Ocular, Veracode, Avocado, Threat Monitoring, Prevoty, Black Duck.
· Two or more years of hands-on experience analyzing high volumes of logs, and other attack artifacts in support of incident investigations.
· In-depth knowledge of Application and Cloud Security industry standards, trends, threats, vulnerabilities, and technology frameworks.
· Agile software development experience.
· Ability to clearly communicate technical concepts to audiences at various skill levels of an IT organization.
· Implement, test, and operate advanced software security techniques in compliance with technical reference architecture
· Generate software documentation and perform verification and validation testing of software to ensure all testing requirements are being supported
· Perform on-going security testing and code review to improve software security
· Provide engineering designs for new software solutions to help mitigate security vulnerabilities
· Maintain technical documentation and contribute to all levels of the architecture
· Develop security metrics and measurement capabilities to demonstrate application security, security architecture, and Security Development Lifecycle (SDL) activities
· Guide teams on adoption and execution of a Secure Product Life Cycle (SPLC)
· Collaborate with multiple technical teams to create application security roadmap and strategy
· Work with application teams and provide solutions to address security vulnerabilities identified by various tools.
· Review and provide guidelines on adopting Open Source libraries if security vulnerabilities get addressed in a timely manner.
· Keep abreast of the newer vulnerabilities and attacks.
· Stay current and familiar with various security tools to identify and remediate vulnerabilities.
· Conduct frequent webinars with development teams, educating them on recent attacks and methods to prevent them.
· Educate the application teams on following the best practices in the industry for implementing secure solutions.
· Communicate progress, findings, and ensure successful resolution of issues.
· Build relationships with program leads, developers, operations and CISO teams to understand how to develop plans that effectively manage security risks