Static & Dynamic Source Code Analysis:
• Ideal candidate will have software development experience with common web application languages including Java, Python, & Perl, with an emphasis on secure application development practices.
• Ideal candidate will have experience using HP Fortify for static code analysis.
o Performing source code scans.
o Analyzing results to determine remediation prioritization, identify false positives, best practices, etc.
o Documenting results and working with AppDev for resolution/remediation
o Client reporting
• Candidate must be able to perform manual code reviews for code languages not capable of being scanned via COTS tools
o Groovy
• Candidate should have experience in performing dynamic code analysis across web applications.
o Preferred skills in using IBM Rational AppScan for dynamic code analysis.
o Analyzing results to determine remediation prioritization, identify false positives, best practices, etc.
o Documenting results and working with AppDev for resolution/remediation.
o Client reporting
• Other
o Daily administration, management, deployment, upgrading, etc. of HP Fortify and IBM Rational AppScan.
o Working across technical teams to support code analysis processes and procedures.
Security Assessment & Authorization Experience:
• The ideal candidate will have experience and strong knowledge of NIST SP 800-53 Revision 4.
• Candidate should have experience reviewing security control implementations for compliance with US Government Standards.
• Candidate should have experience supporting 3rd Party Assessment/Audit activities
o Ability to track artifact requests and responses.
o Provide status updates to project executives on assessment progress.
o Ability to “translate” artifact requests into an actionable item for infrastructure teams.
o Ability to summarize implementation details from technical teams to describe security control implementations.
• Candidate should have experience reviewing solutions during both design and implementation phases for proper implementation of security controls based upon a risk assessment.
Technical Experience:
• Strong understanding of IT Security.
• General understanding of Security Compliance and Security Operations.
• Experience working in virtual environments (i.e. VMware).
• General understanding of network devices, core web portal infrastructure equipment, and web portal architectures.
• General understanding of Linux & Windows operating systems.
Other:
• Strong verbal and written communication skills.
• Effective teammate and willing to work across functional team areas.