Sr. Software Assurance Engineer/STIG/RMF/Secure Coding/SCA/RedHat
Manassas, VA

Job Description

This position is for a Cybersecurity Professional in the Rotary & Mission Systems Engineering and Technical organization, located in Manassas, VA. The Cybersecurity Professional will participate in designing, developing, and implementing security controls to preserve the confidentiality, integrity, and availability of information systems, and will play a key role in a dynamic environment, integrating security configuration procedures and tools on Linux platforms.

This includes security life cycle support such as:

* Vulnerability management including patch management using Cybersecurity tools
* Source Code Analysis
* Assessment and Authorization, including selecting/implementing security controls
* Documentation Review
* Cyber Security testing, evaluation, and reporting
* Platform hardening

Collaboration with the Cybersecurity team and other key stakeholders, such as the customer, program management, integrators, and testers, on platform security will be required to improve the overall security posture. Identify technological and functional risks inherent in system functionality, system exposure, and data sensitivity to determine the required security controls. Adhere to IT security guidance specific to the systems in support of DoD mandates and system missions.

Understanding of secure coding best practices and approaches to applying defensive security techniques. Provide security engineering leadership and expertise in assisting with the development and delivery of security documentation packages consistent with federal requirements, specifically the DoD 8500 series, NIST SP 800-53, and ICD 503. Support assessment and authorization activities with various government authorities and the Security Control Assessor (SCA) for required system accreditations. Participate in architecture, design, and code reviews and provide secure coding guidance and input to the software development team.

Perform Static Code Analysis (SCA) on the software code base and work collaboratively with software developers to remediate any code that reflects a weak security posture or deviates from secure coding best practices.

Basic Qualifications

1. Must be eligible for US Security Clearance - Secret to start.

2. DoD 8570 certification IAT Level I or II.

3. Experience in RedHat Linux as a competent user (i.e., knowledgeable of some UNIX admin commands and functions).

4. Software development experience in Java, JavaScript, Go, Python or C++. Experienced in one (1) language and familiar with a second software development language.

5. Experienced in Vulnerability Scanning, Vulnerability Remediation, and Secure Configurations support (i.e., DISA STIGs and SRGs).

6. Ability to apply formal cybersecurity methods, develop hypotheses, prove/disprove relationships, always ask why, and defend your analysis. Experience supporting security in classified environments.
