Secret
IT - Software
Alexandria, VA (On-Site/Office)
Title: Secure Software Assessment Subject Matter Expert (SME)
Location: Ability to report to either Alexandria, VA or Seaside, CA.
About iWorks: iWorks Corporation, founded in 2005, is a leading provider of information technology and professional services to the federal government. We are a recognized leader in personnel security and vetting solutions, Agile, DevOps, DevSecOps, data analytics, and cloud solutions. Our continuous process improvement approach, combined with our business and technology expertise, results in innovative solutions.
We offer exceptional comprehensive benefits (Medical, Dental, Vision, Life and Disability); 401(k); Health and Wellness Benefits; and Paid Sick Time, Vacation Time, and Holiday Time. You're eligible for bonuses throughout the year as part of our incentive program for innovation and business development. All employees are also considered for an annual raise, commensurate with performance and company commitment.
About this position:
The Secure Software Assessment SME is responsible for ensuring the security of software applications through secure coding practices and code vulnerability assessments. This role leads a team of application security specialists, provides guidance on secure coding practices and static/dynamic analysis methodologies, oversees the execution of application security assessments (including code reviews and vulnerability scans), and provides actionable recommendations to development teams and stakeholders based on assessment findings. The SME develops and maintains application security procedures to promote secure software development practices and supports the integration of security tools within DevSecOps pipelines.
Salary Range: 120k - 200k, commensurate with position title, skills, experience, location, and qualifications.
On a day-to-day basis, you will:
- Lead a team of application security specialists.
- Provide guidance on secure coding practices and static/dynamic analysis methodologies.
- Oversee execution of application security assessments, code reviews, and vulnerability scans.
- Provide actionable recommendations to development teams and stakeholders.
- Develop and maintain application security procedures and training resources.
- Support integration of security tools within DevSecOps pipelines.
- Track and report on application security metrics and vulnerability trends.
- Ensure software evaluations meet DCWF Work Role 622 - Secure Software Assessor [Advanced] standards.
Required Education/Qualifications:
- Bachelor's degree in a technical discipline or related field and/or 10+ years of progressively complex experience in software development, vulnerability analysis, or application security management.
- Secret Security Clearance.
- Certifications:
  - CompTIA Security+
  - Certified Information Systems Security Professional (CISSP)
- Familiarity and/or expertise with the following tools and technologies:
  - Assured Continuous Assessment Solution (ACAS)
  - Endpoint Security Suite (ESS)
  - Microsoft Defender for Endpoint/Server (MDE/S)
  - Log Management Solution / Security Information and Event Management (SIEM)
  - Security Orchestration, Automation, and Response (SOAR)
  - User Activity Monitoring (UAM)
  - Intrusion Detection System / Intrusion Prevention System (IDS/IPS)
  - Cyber Operational Attributes Management System (COAMS) / Continuous Monitoring Risk Scoring (CMRS)
  - Tanium
  - Privilege Access Management (PAM)
  - Central Application Vulnerability Management
  - Static Application Security Testing (SAST)
  - Dynamic Application Security Testing (DAST)
  - Open Source Library Vulnerability Scanner (OSLVS)
  - Container Security (CONSEC)
  - Software Supply Chain Management (SSCM)
Preferred Qualifications:
- Experience with Sonatype, GitLab/GitHub CI/CD, container security, Kubernetes, Terraform, or cloud-native security.
Please Note: We maintain an on-camera policy for all virtual company meetings to foster engagement and collaboration. Reasonable exceptions may be granted with prior approval from Human Resources and/or the applicable manager or client.
FLSA & EMPLOYMENT STATUS: FLSA EXEMPT AND FULL-TIME POSITION
iWorks Corporation is an Equal Employment Opportunity/Affirmative Action Employer. We evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, Veteran status, sexual orientation, or other protected characteristic.
iWorks is committed to maintaining a safe and productive work environment for all employees and ensuring the security and well-being of our clients. As part of our standard hiring process, we may conduct background checks and drug screenings on potential candidates to assess their suitability for employment.