Junior Software Engineer

About The Position

Requirements

• Must have 6, or more, months of IT-related experience
• Must be conceptually familiar with databases
• Must be familiar with at least one programming or scripting language and understand the difference between compiled and interpreted languages
• Must be able to maintain a restricted badge and work on site 4+ days per week
• Must have a current IAT Level II certification (Security+ CE) or be able to obtain within 6 months of hire
• Must have, or obtain, an active DoD Secret Security Clearance

Nice To Haves

• Ability to perform manual code reviews to filter false positives from automated tools
• Familiarity with secure programming theory, common software and database vulnerabilities, and remediation processes
• Experience with one or more of the following languages or technologies: .NET, VB, Java, C, C++, JavaScript, Python, PowerShell TFS, JIRA, Git IIS, Tomcat Docker, Kubernetes SQL Server, Oracle Database Angular, MVC, HTML, ASP, Bash, Perl
• Proficiency using Fortify Source Code Analyzer (SCA)
• Strong written, verbal, and interpersonal communication skills
• Microsoft Development certifications (Azure, Foundations, etc.)
• Familiarity with the MDA and BMDS programs

Responsibilities

• Learn to perform software security audits identifying risks associated with software and provide comprehensive security assessments for the MDA IC ISSM
• Identify known vulnerabilities published in the NIST National Vulnerability Database (NVD)
• Discover and compile software dependencies and bills of materials for applications under review
• Use a variety of tools to identify vulnerabilities within software applications
• Use programming, scripting, and query languages to correlate industry best practices for secure software development
• Identify common security issues such as input validation, error and exception handling, logging, access controls, SQL injection, and cross-site scripting (XSS), and articulate mitigation strategies
• Correlate DISA Security Technical Implementation Guide (STIG) vulnerabilities and other policies with discovered findings and document them for broad consumption
• Monitor and manage a queue of software security audit requests
• Assist in developing reporting metrics for team activities
• Interact with requesters to understand use cases, application architecture, and risk mitigation strategies

Benefits

• Medical, Dental, and Vision coverage
• 401(k) with company match
• Paid Time Off (PTO)
• Mission-driven work with opportunities to grow