Senior Software Security Developer/Analyst

Company: Iron Vine Security, LLC
Location: Washington
Posted on: November 26, 2022

Job Description:

Position Summary:

Iron Vine Security is a rapidly growing information security and information technology company in Washington, DC. We are looking to hire a Senior Software Security Developer/Analyst to support a full range of cyber security services on a long-term contract in Washington DC. The position is full time/permanent and will support a US Government civilian agency. The position is available immediately upon finding a qualified candidate with the appropriate background clearance.

As a Software Security Analyst Developer, you will analyze and implement a common framework to remedy the vulnerabilities detected during static application security testing (SAST), dynamic application security testing (DAST) and penetration testing across multiple IT applications. You will have in-depth experience across the Security and Compliance domain and the ability to apply this knowledge to drive Secure Solutions and best practices for Secure Software Development.

As a senior individual contributor, you will be responsible for reviewing application designs for security vulnerabilities and providing corrections as required. As a member of the Application Security team, you will work in a fast-paced environment focused on planning and managing security risk for critical applications.

Job Requirements:

--- Excellent communication skills, both verbal and written, internal and customer facing.
--- Practical on-the-job experience with AWS Cloud services.
--- Develops architectural products and deliverables for the enterprise and operational business lines.
--- Extensive knowledge of techniques, standards and capabilities for authentication and authorization, applied cryptography, security vulnerabilities and remediation.
--- Advises on selection of technological purchases with regard to processing, data storage, data access, and applications development.
--- Demonstrated security development background in large-scale enterprise systems.
--- Sets standards for the client/server relational database structure for the organization.
--- Advises management on the feasibility of potential future projects.

Education/Certifications/Licenses:

--- Bachelor's degree in Computer Science, Information Technology, Cyber Security or related field, or equivalent combination of education, experience and training.
--- 10+ years of Software Development experience.
--- One or more of the following certifications:
    o CISSP
    o CEH
    o CISM
    o CCSP
    o AWS Certified Solutions Architect
--- Active Public Trust 6c clearance or higher, or eligible for Public Trust 6c clearance.

Additional Experience Preferred:

--- Experience with governance, risk assessment and compliance for FISMA, FedRAMP, and NIST SP 800 series including NIST SP 800-37 and NIST SP 800-53, system security plans, security and privacy controls, POA&M management, assessment and authorization (A&A), Authority To Operate (ATO) and continuous monitoring processes.
--- Possesses the skills and applies a comprehensive knowledge across key tasks and high impact assignments.
--- Plans and leads major technology assignments.
--- Evaluates performance results and recommends major changes affecting short-term project growth and success.
--- Experience functioning as a technical expert across multiple project assignments.
--- Strong knowledge of the following compiled languages: C, C++, C#, or Java.
--- Expertise in at least one scripting language such as PowerShell, Bash, Perl, Python.
--- Five or more years of hands-on experience reviewing and providing security reviews for applications developed using the leading programming languages: C++, Java, Python, etc.
--- Three or more years of experience with OWASP, SANS, NIST frameworks.
--- Self-directed ability to drive change and manage multiple projects.
--- Three or more years of hands-on experience with vulnerability scanning toolkits like Fortify, Tenable, ShiftLeft Ocular, Veracode, Avocado, Threat Monitoring, Prevoty, Black Duck.
--- Two or more years of hands-on experience analyzing high volumes of logs and other attack artifacts in support of incident investigations.
--- In-depth knowledge of Application and Cloud Security industry standards, trends, threats, vulnerabilities, and technology frameworks.
--- Agile software development experience.
--- Ability to clearly communicate technical concepts to audiences at various skill levels of an IT organization.

Position Responsibilities:

--- Implement, test, and operate advanced software security techniques in compliance with technical reference architecture.
--- Generate software documentation and perform verification and validation testing of software to assure all testing requirements are being supported.
--- Perform ongoing security testing and code review to improve software security.
--- Provide engineering designs for new software solutions to help mitigate security vulnerabilities.
--- Maintain technical documentation and contribute to all levels of the architecture.
--- Develop security metrics and measurement capabilities to demonstrate application security, security architecture, and Security Development Lifecycle (SDL) activities.
--- Guide teams on adoption and execution of a Secure Product Life Cycle (SPLC).
--- Collaborate with multiple technical teams to create application security roadmap and strategy.
--- Work with application teams and provide solutions to address security vulnerabilities identified by various tools.
--- Review and provide guidelines on adopting Open Source libraries if security vulnerabilities get addressed in a timely manner.
--- Keep abreast of the newer vulnerabilities and attacks.
--- Stay current and familiar with various security tools to identify and remediate vulnerabilities.
--- Conduct frequent webinars with development teams, educating them on recent attacks and methods to prevent these.
--- Educate the application teams on following the best practices in the industry for implementing secure solutions.
--- Communicate progress and findings, and ensure successful resolution of issues.
--- Build relationships with program leads, developer, operations and CISO teams to understand how to develop plans that effectively manage security risks.

Skills & Requirements Qualifications NOTES:

Iron Vine Security is an equal opportunity employer. All qualified applicants are considered for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other category protected by applicable federal, state or local laws.

Iron Vine Security is a federal contractor. As such, we are subject to an Executive Order requiring all employees of federal contractors to be fully vaccinated for COVID-19 by December 8, 2021. Therefore, by applying for this position, you understand that you will be required to verify that you have been, or will be, fully vaccinated by December 8, or to verify that you cannot be vaccinated due to a legally recognized exception to the vaccine mandate set forth in the Executive Order.

Note: An individual is not considered to be fully vaccinated until two weeks after receiving the second vaccine dosage in a vaccine regimen involving two vaccines.
