Secure Software Assessor - Life Cycle Engineering
St. Louis, MO 63118
About the Job
Secure Software Assessor:
Position Summary:
As Secure Software Assessor, you will provide secure code analysis and testing to the National Geospatial-Intelligence Agency (NGA) in St. Louis, MO. You will analyze the security of new or existing computer applications, software, or specialized utility programs and provide actionable results.
Clearance Requirement:
- Must have an active DoD Top Secret/SCI security clearance
- Analyze the security of new or existing computer applications, software, or specialized utility programs and provide actionable results.
- Provide System Owner with guidance on effective implementation of NGA software code analysis tool(s) during the SDLC to include:
  - Specify what source code will be evaluated.
  - Integrate scans within software build processes.
  - Provide integration of software code analysis within NGA DevOps environments.
- Update and maintain code analysis tools (such as Client Fortify) in NGA's DevOps environments.
- Analyze problem reports and identify corrective actions to remediate security issues in code prior to the software transitioning from development to operations.
- Recommend new code analysis tools and innovative techniques to strengthen software assurance processes.
- Deploy the appropriate automated application security testing tools.
- Support efforts to integrate software assurance tools into the automated testing/automated pipeline methodologies.
- Evaluate commercial products for use and integration into the agency's Software Assurance.
- Assist in the development of policies and guidance regarding Software Assurance.
- Support automation evaluation tools as they pertain to Software Assurance.
- Bachelor's degree in a technical field
- Requires an IAT Level 2 certification (Security+ or equivalent)
- Requires two penetration testing certifications (CEH, GPEN, GWAT, GCIH, LPT, CPT or equivalent)
- Three (3) years' experience in secure code analysis
- Knowledge of computer networking concepts and protocols, and network security methodologies.
- Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
- Knowledge of cybersecurity and privacy principles, cyber threats and vulnerabilities.
- Knowledge of complex data structures.
- Knowledge of organization's enterprise information security architecture.
- Knowledge of organization's evaluation and validation requirements.
- Knowledge of cybersecurity and privacy principles and methods that apply to software development.
- Knowledge of operating systems.
- Knowledge of programming language structures and logic.
- Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
- Knowledge of secure configuration management techniques.
- Knowledge of software debugging principles.
- Knowledge of software design tools, methods, and techniques.
- Knowledge of software development models (e.g., Waterfall Model, Spiral Model).
- Knowledge of system design tools, methods, and techniques, including automated systems analysis and design tools.
- Knowledge of web services (e.g., service-oriented architecture, Simple Object Access Protocol, and web service description language).
- Knowledge of interpreted and compiled computer languages.
- Knowledge of secure coding techniques.
- Knowledge of software related information technology (IT) security principles and methods (e.g., modularization, layering, abstraction, data hiding, simplicity/minimization).
- Regular physical activity to include walking, climbing stairs, bending, stooping, reaching, lifting (up to 15 pounds), and standing; occasional prolonged sitting
- Ability to speak, read, hear and write, with or without assistance
- Ability to use phone and computer systems, copier, fax and other office equipment
This position description represents a summary of the major components and requirements of the outlined job. Other duties and responsibilities may be assigned or required as business needs dictate. Questions regarding this description should immediately be addressed to the department manager or to Human Resources.
LIFE CYCLE ENGINEERING
Life Cycle Engineering (LCE) is a privately held, employee-owned company with an emphasis on "doing the right thing the right way", which applies to the way we treat our customers and employees. We are proud to have been recognized as a "Best Place to Work" for 17 years running! Learn more below and at www.lce.com.
Mission
Our mission is to enable people and organizations to achieve their full potential.
As a professional services organization, our mission is focused on our clients' people and organizations. It is our company's cornerstone belief that we will not lead the industry in assisting our clients unless we excel at helping our own people and teams reach their full potential.
Culture
Our corporate culture encourages personal and professional growth because LCE's success depends on the talent, innovation, professionalism, and commitment of its employees. LCE is a strengths-based organization focused on turning individual talents into strengths and then turning individual strengths into organizational performance that supports our clients' success.
Benefits
- Affordable Medical/Dental/Vision Plans for employees and their families
- Free Employee Life and Disability Insurance, with supplemental coverage options available
- Health Savings Account and Flexible Savings Account options
- Company matched 401(k) & company-funded Employee Stock Ownership Program (ESOP)
- Paid Vacation, Holiday, Sick Leave
- Continuing Education and Professional Development programs at all levels
- Flexible Schedules and Relaxed Dress Code
- Employer-sponsored events, social collaboration, and open communication
- Free access to an extensive online training library, including certification prep
- Bonus Program for outstanding contributions, Employee Referral Program, numerous Recognition Opportunities, and more…
Life Cycle Engineering (LCE) shall abide by the requirements of 41 CFR §§ 60-1.4(a), 60-300.5(a) and 60-741.5(a). These regulations prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, religion, sex, sexual orientation, gender identity, or national origin. Moreover, these regulations require that LCE take affirmative action to employ and advance in employment individuals without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, because of or on the basis of pregnancy, childbirth, or related medical conditions, including, but not limited to, lactation, and any other status protected by applicable state law. In addition, LCE will not discharge or in any other manner discriminate against any employee or applicant for employment because such employee or applicant has inquired about, discussed, or disclosed the compensation of the employee or applicant or another employee or applicant. LCE shall also abide by the requirements of 29 CFR Part 471, Appendix A.
Source: Life Cycle Engineering