We use cookies. Find out more about it here. By continuing to browse this site you are agreeing to our use of cookies.
#alert
Back to search results

Software Security Engineer (SME)

Agile Defense, LLC
United States, Virginia, Alexandria
Dec 10, 2024
At Agile Defense we know that action defines the outcome and new challenges require new solutions. That's why we always look to the future and embrace change with an unmovable spirit and the courage to build for what comes next.
Our vision is to bring adaptive innovation to support our nation's most important missions through the seamless integration of advanced technologies, elite minds, and unparalleled agility-leveraging a foundation of speed, flexibility, and ingenuity to strengthen and protect our nation's vital interests.
Requisition #614
Job Title: Software Security Engineer
Location: REMOTE
Clearance Level: Active DoD - Public Trust
Required Certification(s):
* Certifications: CISSP (or equivalent), GCSA or possess a willingness to pursue certifications after hire
SUMMARY
The United States Patent and Trademark Office (USPTO), Cybersecurity Division, has a requirement to establish a white-box testing capability within USPTO by adding contractor expertise to engage with existing system and product owners with the goal of supplementing companion effort penetration testing services. This effort will enhance data security protections by evaluating USPTO systems, with a specific focus on sensitive Business Impact Information (BII) systems that contain Intellectual Property (IP) and PII.
A successful candidate will have verifiable experience in white-box testing, secure coding, static code analysis, dynamic application security testing, architecture security, Application Programmatic Interface (API) validation and communication skills. Strong technical capabilities, and an understanding of in-scope systems to the organization with respect to operational impact, is important as a key function of the role is to work closely with defensive partners.
JOB DUTIES AND RESPONSIBILITIES
* Perform code reviews to identify flaws in the development of custom applications that handle sensitive IP data, particularly those involving complex data transformations, encryption, or proprietary algorithms.
* Drive configuration auditing through review of system and network configurations for misconfigurations or insecure settings that could lead to exploitation.
* Execute access controls to validate and assess whether internal access controls effectively enforce the principle of least privilege and prevent unauthorized access to IP data.
* Generate reports that highlight security weaknesses uncovered during white-box testing and provide actionable remediation steps.
* Ensure that critical issues are resolved before new software releases or system updates go live, especially if they affect data-sharing processes or BII systems.
* Research, test, build, and coordinate the conversion and/or continuous integration pipelines and toolchains based on client requirements.
* Design and develop new software products or major enhancements to existing software to support security operations.
* Address problems of systems integration, compatibility, automation and orchestrations.
* Assesses cloud security architectures and provide recommendations to improve overall infrastructure security and methods to automate security testing of applications moving through the CI/CD pipeline.
* Consult with project teams and end users to identify application requirements.
* Perform feasibility analysis on potential future projects to management.
* Assist in the evaluation and recommendation of application software packages, application integration and testing tools.
* Resolve problems with software and responds to suggestions for improvements and enhancements.
Education, Background, and Years of Experience
* 5+ years of relevant experience with most of the requirements below
* Bachelor's degree/University degree or equivalent experience
ADDITIONAL SKILLS & QUALIFICATIONS
Required Skills
* Security Architecture reviews
* DevSecOps CI/CI pipelines standards and best practices
* Application Programming Interface (API) development and testing
* Extensive experience working with White-Box testing methodologies and techniques
* Static Application Security Testing tools. e.g., SonarQube, Veracode, Fortify
* Dynamics Application Security Testing tools. e.g., OpenText Fortify WebInspect, Veracode, Invicti
* Experience leveraging the MITRE ATT&CK Framework
* Vulnerability Assessment tools. e.g., Nessus, Qualys, Rapid7
* Exploitation frameworks, e.g., Metasploit, CANVAS, Core Impact
* Deep understanding of OSI model
* Security devices, i.e., Firewalls, VPN, AAA systems
* OS Security. e.g., Unix/Linux, Windows, OSX
* Understanding of common protocols. e.g., HTTP, LDAP, SMTP, DNS
* Web application infrastructure. e.g., Application Servers, Web Servers, Databases
* Demonstrated ability to collaborate with a variety of analytical groups and service delivery organizations
* Advanced analytical and problem-solving skills
* Consistently demonstrates clear and concise written and verbal communication
* Proficient in interpreting and applying policies, standards, and procedures
* Demonstrated ability to remain unbiased in a diverse working environment
Preferred Skills
* Web development and programming languages. e.g. Python, Perl, Ruby, Java, .Net
WORKING CONDITIONS
Environmental Conditions
* Office environment
Strength Demands
* Sedentary - 10 lbs. Maximum lifting, occasional lift/carry of small articles. Some occasional walking or standing may be required. Jobs are sedentary if walking and standing are required only occasionally, and all other sedentary criteria are met.
Physical Requirements
* Stand or Sit
Employees of Agile Defense are our number one priority, and the importance we place on our culture here is fundamental. Our culture is alive and evolving, but it always stays true to its roots. Here, you are valued as a family member, and we believe that we can accomplish great things together. Agile Defense has been highly successful in the past few years due to our employees and the culture we create together. What makes us Agile? We call it the 6Hs, the values that define our culture and guide everything we do. Together, these values infuse vibrancy, integrity, and a tireless work ethic into advancing the most important national security and critical civilian missions. It's how we show up every day. It's who we are.
Happy - Be Infectious.
Happiness multiplies and creates a positive and connected environment where motivation and satisfaction have an outsized effect on everything we do.
Helpful - Be Supportive.
Being helpful is the foundation of teamwork, resulting in a supportive atmosphere where collaboration flourishes, and collective success is celebrated.
Honest - Be Trustworthy.
Honesty serves as our compass, ensuring transparent communication and ethical conduct, essential to who we are and the complex domains we support.
Humble - Be Grounded.
Success is not achieved alone, humility ensures a culture of mutual respect, encouraging open communication, and a willingness to learn from one another and take on any task.
Hungry - Be Eager.
Our hunger for excellence drives an insatiable appetite for innovation and continuous improvement, propelling us forward in the face of new and unprecedented challenges.
Hustle - Be Driven.
Hustle is reflected in our relentless work ethic, where we are each committed to going above and beyond to advance the mission and achieve success.
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35 (c)
Apply for this job
Applied = 0

(web-86f5d9bb6b-4zvk8)