Contact Us | Falcon IT & Staffing Solutions

Sr Software Security Developer / Analyst

Job Title
Sr Software Security Developer / Analyst
Job ID
27679155
Work From Home
Yes
Location
Washington DC,  DC
Description

We are looking to hire a Senior Software Security Developer/Analyst to support a full range of cyber security services on a long-term contract in Washington DC. The position is full time/permanent and will support a US Government civilian agency. The position is available immediately upon finding a qualified candidate with the appropriate background clearance.

 

As a Software Security Analyst Developer, you will analyze and implement a common framework to remedy the vulnerabilities detected during static application security testing (SAST), dynamic application security testing (DAST) and penetration testing across multiple IT applications. You will have in-depth experience across the Security and Compliance domain and the ability to apply this knowledge to drive secure solutions and best practices for secure software development.

As a senior individual contributor, you will be responsible for reviewing application designs for security vulnerabilities and providing corrections as required. As a member of the Application Security team, you will work in a fast-paced environment focused on planning and managing security risk for critical applications.

 

Job Requirements:

· Excellent communication skills, both verbal and written, internal and customer facing.

· Practical on the job experience with AWS Cloud services.

· Develops architectural products and deliverables for the enterprise and operational business lines.

· Extensive knowledge of techniques, standards and capabilities for authentication and authorization, applied cryptography, security vulnerabilities and remediation

· Advises on selection of technological purchases with regards to processing, data storage, data access, and applications development.

· Demonstrated security development background in large scale enterprise systems

· Sets standards for the client/server relational database structure for the organization

· Advises management on the feasibility of potential future projects.

 

Education/Certifications/Licenses:

· Bachelor's degree in Computer Science, Information Technology, Cyber Security or related field, or equivalent combination of education and experience and training

· 10+ years of software development experience

· One or more of the following certifications:

o CISSP

o CEH

o CISM

o CCSP

o AWS Certified Solutions Architect

· Active Public Trust 6c clearance or higher or eligible for Public Trust 6c clearance

 

Additional Experience Preferred:

· Experience with governance, risk assessment and compliance for FISMA, FedRAMP, and NIST SP 800 series including NIST SP 800-37 and NIST SP 800-53, system security plans, security and privacy controls, POA&M management, assessment and authorization (A&A), Authority To Operate (ATO) and continuous monitoring processes

· Possesses the skills and applies a comprehensive knowledge across key tasks and high impact assignments.

· Plans and leads major technology assignments.

· Evaluates performance results and recommends major changes affecting short-term project growth and success.

· Experience functioning as a technical expert across multiple project assignments.

· Strong knowledge of the following compiled languages C, C++, C#, or Java

· Expertise in at least one scripting language such as PowerShell, Bash, Perl, Python

· Five or more years of hands-on experience reviewing and providing security reviews for applications developed using the leading programming languages: C++, Java, Python, etc.

· Three or more years of experience with OWASP, SANS, NIST frameworks.

· Self-directed ability to drive change & manage multiple projects

· Three or more years of hands-on experience with vulnerability scanning toolkits like Fortify, Tenable, ShiftLeft Ocular, Veracode, Avocado, Threat Monitoring, Prevoty, Black Duck.

· Two or more years of hands-on experience analyzing high volumes of logs, and other attack artifacts in support of incident investigations.

· In-depth knowledge of Application and Cloud Security industry standards, trends, threats, vulnerabilities, and technology frameworks.

· Agile software development experience.

· Ability to clearly communicate technical concepts to audiences at various skill levels of an IT organization.

 

Position Responsibilities:

· Implement, test, and operate advanced software security techniques in compliance with technical reference architecture

· Generate software documentation and perform verification and validation testing of software to assure all testing requirements are being supported

· Perform on-going security testing and code review to improve software security

· Provide engineering designs for new software solutions to help mitigate security vulnerabilities

· Maintain technical documentation and contribute to all levels of the architecture

· Develop security metrics and measurement capabilities to demonstrate application security, security architecture, and Security Development Lifecycle (SDL) activities

· Guide teams on adoption and execution of a Secure Product Life Cycle (SPLC)

· Collaborate with multiple technical teams to create application security roadmap and strategy

· Work with application teams and provide solutions to address security vulnerabilities identified by various tools.

· Review and provide guidelines on adopting Open Source libraries if security vulnerabilities get addressed in a timely manner.

· Keep abreast of the newer vulnerabilities and attacks.

· Stay current and familiar with various security tools to identify and remediate vulnerabilities.

· Conduct frequent webinars with development teams, educating them on recent attacks and methods to prevent them.

· Educate the application teams on following the best practices in the industry for implementing secure solutions.

· Communicate progress, findings, and ensure successful resolution of issues.

· Build relationships with program leads, developers, operations and CISO teams to understand how to develop plans that effectively manage security risks
