Job Description:
• Reports to the SEAP Cyber team manager
• Support the SEAP Program (SUSTAINMENT TO EXISTING APPLICATIONS PORTFOLIO).
• Perform web application scanning & application security assessments.
• Perform manual application testing to identify vulnerabilities or deviations from software standards.
• Provide timely and detailed reports, with proofs of findings and analysis of risk.
• Assist with integration of static & dynamic web application assessments into secure SDLC lifecycles.
• Use SharePoint and other collaboration tools to collect, monitor, and manipulate C&A documentation through the collection, review, approval, and final distribution processes.
• Support the SEAP Program and related teams in areas of Risk Management Framework (RMF) for DoD IT, DoD/Army Regulations, Incident Response, Software Assurance, and related Cyber disciplines.
• Work closely with representatives from other divisions and branches (IT, Networking, etc.) to request information, provide clarification, and validate findings, evidence, and POA&M statements.
• Maintain and meet deliverable schedules. Must be proactive in obtaining information from multiple internal and external teams to complete requirements on schedule.
• Additional details of positions will be provided to qualified applicants.
Requirements:
• Minimum 2 years’ relevant experience.
• Bachelor’s degree in Information Technology, Computer Science, or related field. Substantial experience in lieu of degree may be considered.
• Current DoD 8570.01-M Information Assurance Technical (IAT) Level II (IAT II) baseline certification, such as Security+ CE. Uncertified candidates cannot be considered.
• U.S. citizen with active DoD SECRET level security clearance. Uncleared candidates cannot be considered.
• Development background is required.
• Microsoft .NET or Java development experience required. Microsoft .NET is preferred.
• Knowledge of SDLC methodologies.
• Intermediate to advanced knowledge of secure code development practices and OWASP Top 10 web application security issues.
• Web services development and design with integrated security engineering experience.
• Requires excellent English verbal and writing skills including report generation, presentations, and technical writing.
• Highly organized with the ability to independently maintain schedules and meet deadlines.
• Experience with supporting assessment of IT systems compliance with Federal IT Security standards (NIST 800-53, FISMA, etc.).
• 3-7 years of web application development related work experience.
• Experience performing manual and automated code review and penetration tests for complex applications.
• Experience with static code scanning tools (Fortify, AppScan, etc.).
• Experience with dynamic analysis tools (Burp, ZAProxy, SQLMap, BeEF, DAVtest, dirb, fierce, curl, hping, etc.).
• Technical understanding of database, web server, and operating system security as well as application security in leading cloud platforms.
• Knowledge of security systems and controls, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc.
• Understanding of data handling privacy standards to include PII and PHI.
• Familiarity with DISA application security related Security Technical Implementation Guides (STIGs) and RMF implementation.
• Veterans with prior Army/DoD Cybersecurity experience highly desired.
Benefits:
• Eleven Federal Holidays
• Paid Time Off accrued each pay period
• Parental Leave
• Three medical plan choices with generous employer contribution
• Dental and Vision Insurance
• Company paid Short-Term and Long-Term Disability
• Company paid Life and AD&D Insurance
• 401k with competitive matching and vesting schedule
• Continuing education assistance
• Short Term / Long Term Disability & Life Insurance
• Medical, Dependent Care and Commuter Flexible Spending Accounts
• Employee Assistance Program
• Wellness benefits include Calm Health app and WellHub gym subsidy (formerly GymPass)
• 529 College Savings Plan
• Legal Insurance
• Pet Insurance