Software Assurance Engineer

November 12

Agile Defense

IT Engineering Support Services • Cybersecurity Support Services • C4ISR Support Services • Systems Integration Support Services • Robotics Process Automation

Description

• At Agile Defense we know that action defines the outcome and new challenges require new solutions.
• Our vision is to bring adaptive innovation to support our nation's most important missions.
• Required Certification(s): CISSP (or equivalent), GCSA or possess a willingness to pursue certifications after hire
• SUMMARY: The United States Patent and Trademark Office (USPTO), Cybersecurity Division, has a requirement to establish a white-box testing capability within USPTO.
• A successful candidate will have verifiable experience in white-box testing, secure coding, static code analysis, dynamic application security testing, architecture security, Application Programming Interface (API) validation, and communication skills.
• JOB DUTIES AND RESPONSIBILITIES
• Perform code reviews to identify flaws in the development of custom applications that handle sensitive IP data
• Drive configuration auditing through review of system and network configurations
• Execute access controls to validate and assess whether internal access controls effectively enforce the principle of least privilege
• Generate reports that highlight security weaknesses uncovered during white-box testing
• Ensure that critical issues are resolved before new software releases or system updates go live
• Research, test, build, and coordinate the conversion and/or continuous integration pipelines and toolchains based on client requirements.
• Design and develop new software products or major enhancements to existing software to support security operations.
• Address problems of systems integration, compatibility, automation and orchestrations.
• Assess cloud security architectures and provide recommendations to improve overall infrastructure security and methods to automate security testing of applications moving through the CI/CD pipeline.
• Required Certifications: CISSP (or equivalent), GCSA or possess a willingness to pursue certifications after hire
• Education, Background, and Years of Experience: Bachelor’s degree/University degree or equivalent experience

Requirements

• CISSP (or equivalent), GCSA or possess a willingness to pursue certifications after hire
• 1+ years of relevant experience with most of the requirements below
• Security Architecture reviews
• DevSecOps CI/CD pipelines standards and best practices
• Application Programming Interface (API) development and testing
• Extensive experience working with White-Box testing methodologies and techniques
• Static Application Security Testing tools, e.g., SonarQube, Veracode, Fortify
• Dynamic Application Security Testing tools, e.g., OpenText Fortify WebInspect, Veracode, Invicti
• Experience leveraging the MITRE ATT&CK Framework
• Vulnerability Assessment tools, e.g., Nessus, Qualys, Rapid7
• Exploitation frameworks, e.g., Metasploit, CANVAS, Core Impact
• Deep understanding of OSI model
• Security devices, i.e., Firewalls, VPN, AAA systems
• OS Security, e.g., Unix/Linux, Windows, OSX
• Understanding of common protocols, e.g., HTTP, LDAP, SMTP, DNS
• Web application infrastructure, e.g., Application Servers, Web Servers, Databases
• Demonstrated ability to collaborate with a variety of analytical groups and service delivery organizations
• Advanced analytical and problem-solving skills
• Consistently demonstrates clear and concise written and verbal communication
• Proficient in interpreting and applying policies, standards and procedures
• Demonstrated ability to remain unbiased in a diverse working environment
• Web development and programming languages, e.g., Python, Perl, Ruby, Java, .Net
