The Air Combat Command's 67th Cyberspace Wing (67 CW), 346th Test Squadron (346TS) plans, executes, and contributes as both an operational and participating test organization in a full array of operational tests of various cyber weapons in coordination with the 318 Range Squadron (318RANS) who provides instrumented cyber range services, through both physical hardware and virtual systems. 

In support of this mission, ANALYGENCE is seeking an Ops System and Applications Security Architect to ensure security requirements necessary to protect the organization’s mission and business processes are adequately addressed in all aspects of enterprise architecture including reference models, segment and solution architectures, and the resulting systems supporting those missions and business processes. Responsibilities include:

Apply coding and testing standards, apply security testing tools including "'fuzzing" static-analysis code scanning tools, and conduct code reviews.Apply secure code documentationCapture security controls used during the requirements phase to integrate security within the process, to identify key security objectives, and to maximize software security while minimizing disruption to plans and schedulesDevelop threat model based on customer interviews and requirementsConsult with engineering staff to evaluate interface between hardware and softwareEvaluate factors such as reporting formats required, cost constraints, and need for security restrictions to determine hardware configuration.Identify basic common coding flaws at a high levelIdentify security implications and apply methodologies within centralized and decentralized environments across the enterprise’s computer systems in software developmentIdentify security issues around steady state operation and management of software and incorporate security measures that must be taken when a product reaches its end of lifePerform integrated quality assurance testing for security functionality and resiliency attackConduct risk analysis whenever an application or system undergoes a major changeAddress security implications in the software acceptance phase including completion criteria, risk acceptance and documentation, common criteria, and methods of independent testingStore, retrieve, and manipulate data for analysis of system capabilities and requirementsTranslate security requirements into application design elements including documenting the elements of the software attack surfaces, conducting threat modeling, and defining any specific security criteriaPerform penetration testing as required for new or updated applicationsConsult with customers about software system design and maintenanceDirect software programming and development of documentationSupervise and assign work to programmers, designers, technologists and technicians, and other engineering and scientific personnelAnalyze and provide information to stakeholders that will support the development of security application or modification of an existing security applicationAnalyze security needs and software requirements to determine feasibility of design within time and cost constraints and security mandatesConduct trial runs of programs and software applications to ensure that the desired information is produced, and instructions and security levels are correctDevelop secure software testing and validation proceduresDevelop and perform system testing and validation procedures, programming, and documentation, secure program testing, review, and/or assessment to identify potential flaws in codes and mitigate vulnerabilitiesDetermine and document software patches or the extent of releases that would leave software vulnerablePosition requires travel up to 25%Current Top Secret clearance with SCI eligibilityBachelor's degree in a related field and a minimum of 3 years of experience in a related roleIAT Level III certification required.Must be able to support travel up to 25%Knowledge of computer networking concepts and protocols, and network security methodologiesKnowledge of risk management processes (e.g., methods for assessing and mitigating risk), laws, regulations, policies, and ethics as they relate to cybersecurity and privacyKnowledge of cybersecurity and privacy principles, cyber threats and vulnerabilities and specific operational impacts of cybersecurity lapses, methods that apply to software development and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)Knowledge of complex data structures, computer programming principles, the organization's enterprise information security architecture and the organization's evaluation and validation requirementsKnowledge of local area and wide area networking principles and concepts including bandwidth management, low-level computer languages (e.g., assembly languages), programming language structures and logic and operating systemsKnowledge of Privacy Impact Assessments, system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code)Knowledge of secure configuration management techniques. (e.g., Security Technical Implementation Guides (STIGs), cybersecurity best practices on cisecurity.org), software debugging principles, software design tools, methods, and techniquesExperience with software development models (e.g., Waterfall Model, Spiral Model), software engineering, structured analysis principles and methodsKnowledge of system design tools, methods, and techniques, including automated systems analysis and design tools, web services (e.g., service-oriented architecture, Simple Object Access Protocol, and web service description language), interpreted and compiled computer languages and secure coding techniquesKnowledge of software related information technology (IT) security principles and methods (e.g., modularization, layering, abstraction, data hiding, simplicity/minimization), software quality assurance processKnowledge of supply chain risk management standards, processes, and practicesKnowledge of critical infrastructure systems with information communication technology that were designed without system security considerationsKnowledge of secure software deployment methodologies, tools, practices, network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth) and security architecture concepts and enterprise architecture reference models (e.g., Zachman, Federal Enterprise Architecture [FEA])Knowledge of the application firewall concepts and functions (e.g., Single point of authentication/audit/policy enforcement, message scanning for malicious content, data anonymization for PCI and PII compliance, data loss protection scanning, accelerated cryptographic operations, SSL security, REST/JSON processing)Knowledge of Personally Identifiable Information (PII) data security standards, Payment Card Industry (PCI) data security standards, Personal Health Information (PHI) data security standardsKnowledge of information technology (IT) risk management policies, requirements, and procedures, embedded systems, penetration testing principles, tools, and techniquesKnowledge of root cause analysis techniquesKnowledge of Application Security Risks (e.g., Open Web Application Security Project Top 10 list)Skill in conducting vulnerability scans, recognizing vulnerabilities in security systems, designing countermeasures to identified security risks, developing and applying security system access controls and discerning the protection needs (i.e., security controls) of information systems and networksSkill in integrating black box security testing tools into quality assurance process of software releases, secure test plan design (e. g. unit, integration, system, acceptance)Skill in using Public-Key Infrastructure (PKI) encryption and digital signature capabilities into applications (e.g., S/MIME email, SSL traffic)Skill in using code analysis tools and performing root cause analysis.Ability to use and understand complex mathematical concepts (e.g., discrete math)Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)Ability to identify critical infrastructure systems with information communication technology that were designed without system security considerations