Software Engineer
Job Category: Engineering
Time Type: Full time
Minimum Clearance Required to Start: None
Employee Type: Regular
Percentage of Travel Required: Up to 10%
Type of Travel: None

What You'll Get to Do:
You will perform security vulnerability assessments that are an integral part of our independent verification and validation process. You will perform vulnerability scanning, static source code analysis, reverse engineering, penetration testing, traffic analysis, documentation, reporting and analysis requirements.

More About the Role:
- Perform comprehensive security assessments of identified and applied security controls. Provide summaries of initial assessments in Security Assessment Reports (SAR) that address the technical evaluation and results of assessment, identify weaknesses or deficiencies, and recommend corrective actions for risk mitigation.
- Perform and assess the degree to which a system is compliant with operating system, network, and application security STIG reviews.
- Perform host- and network-based security control assessments, determine residual security risks, prepare assessment test reports, prepare and assess test plans, and provide formal recommendations in support of authorization.
- Review and analyze the findings that identify security issues on the system. You shall compile results and findings into a final Security Assessment Report, along with assessments and recommendations for remediation.
- Conduct testing and scanning via modern techniques and scanning tools, including manual methods (software and hardware), used either remotely or locally on the systems to evaluate compliance and to identify security vulnerabilities, threats, risks, and gaps. You will review and analyze the findings that identify security issues on the system.
- Scan source code, audit results with development and/or security teams, and offer plans for remediation of vulnerabilities.
- Install, configure, and maintain laboratory environments and equipment used in these security vulnerability assessments. Implement, administer, and troubleshoot lab network infrastructure devices, such as switches, routers, and user workstations, including virtual machines.
- University Degree BS in CS/CE/EE/Cyber Security or equivalent experience
- Knowledge and experience in security disciplines including, but not limited to, software security, operations security, administrative security, and communications security.
- Knowledge of IA principles and organizational requirements that are relevant to confidentiality, integrity, availability, authentication, and non-repudiation.
- Ability to develop best practices for processes and standards that will better the system.
- Knowledge of security system design tools, methods, and techniques.
- Knowledge of known vulnerabilities from alerts, advisories, and bulletins.
- Knowledge and experience in modern programming languages: C, C++, C#, Python, etc.
- Knowledge and experience in Linux, Microsoft Windows, and Microsoft Office applications.
- Knowledge of IP networking and equipment installation, configuration, and maintenance.
- Working knowledge of information system security controls and how to assess their effectiveness per NIST SP 800-53 and NIST SP 800-53A.
- Experienced in system testing methodologies that include: penetration testing, configuration analysis, security best practices validation.
- Experienced in CodeSonar, Black Duck, Whitesource, Burp, Coverity, Nessus, Nexpose.
- Experienced in security testing and penetration tools that include: Kali Linux, Metasploit, Nmap, Wireshark; Red / Blue team assessment experience.