ClearanceJobs.com

Software Developer

Dowless & Associates, Inc.


Posted on: 5/22/12


Minimum Security Clearance

Intel Agency (NSA, CIA, FBI, etc) Clearance

- ACTIVE TS/SCI with Polygraph REQUIRED
Location

Herndon, Virginia  20171

Workplace: On-Site/Office
Travel: Not Specified
Job Responsibilities:
The successful candidate is responsible for the development of a Secure Coding Standard that will be published to the Sponsor's software development community.

Job Duties:
- Research, outline, author and/or modify documentation describing secure coding practices and application security.
- Identify and understand the Sponsor's development practices, environment and culture.
- Recommend and document industry best practices, and any other unique considerations applicable to the Sponsor environment, to ensure secure, consistent coding practices across the community.
- Propose and help develop training and awareness campaigns to educate the Sponsor development community about the adopted Secure Coding Standard and application security in general.
- Perform research on new attacks, write white papers, and present on those findings to internal audiences.
- The ideal candidate will have in-depth experience protecting against web and web services security vulnerabilities including cross-site scripting, SQL injection, DoS attacks, XML/SOAP, API attacks, email security flaws and more.
- Reports to task PM, but may serve as a technical team or task leader.
- Maintains current knowledge of relevant technology as assigned.
- Participates in special projects as required, including actual software development/integration tasks.

Education/Equivalent Training Required:
Bachelor's degree in Computer Science, Engineering, or a related technical discipline, or the equivalent combination of education, technical training, or work/military experience.
ISC2 Certified Secure Software Lifecycle Professional (CSSLP) certification highly desired.

Experience Required:
Extensive programming and application development experience in multiple languages such as Java, C/C++, and scripting languages such as Ruby and Perl.
3-5 years of experience with software security and secure coding standards.
Experience with all phases of the Software/System Development Lifecycle (SDLC).

Unique/Additional Requirements:
- Requires active TS/SCI with Polygraph
- Requires exemplary writing skills and persuasive verbal communication abilities.
- Strong experience with the MS Office suite of tools.
- Experience with automated static code analysis tools (e.g., Fortify).
- Knowledge of the OWASP Top 10 and CWE Top 25 vulnerabilities.
- Knowledge of Certification and Accreditation (C&A) processes, NIST SP 800-37 (Risk Management Framework) and/or NIST SP 800-53a (technical security controls) is helpful.

Additional skills that may be useful:
a) Familiarity with CERT C/Java Secure Coding Standards and other secure coding bodies of work.
b) Web-based client software skills, which may include but are not limited to: HTML, JavaScript, ExtJS JavaScript framework.
c) Server-side Java software skills, which may include but are not limited to: Struts, JSTL, JSPs and servlets, Java programming, JDBC.
d) Database skills with at least a proficiency in Structured Query Language (SQL), experience with Oracle and SQL Server preferred. Knowledge of relational database design patterns preferred.
e) Programming skills with respect to security of web-based software systems.
Preferences
5+ yrs experience
Employee
Industry Category: Software Development