Software Security Analyst

About The Position

Requirements

• Bachelor’s degree in Computer Science, Cybersecurity, or Information Technology or related field of study required.
• Minimum of 5 years’ industry experience with at least three years in software development and at least two years in auditing and vulnerability testing.
• Proficiency with Python, C/C++ and an understanding of operating systems, and network protocols.
• Experience performing penetration testing (ethical hacking) and security scans.
• At least one certification: CompTIA Security+, CISSP, OSCP, or SANS/GIAC.
• Experience with the full software development life cycle, including system design, threat modeling, and secure code implementation.
• Familiarity with encryption devices and secure key management required.
• Familiarity with embedded software defined tactical radio security required.
• Experience with threat modeling, secure coding practices, and identification of software vulnerabilities.
• Experience with cybersecurity scanning tools; Nessus, Qualys VMDR, Trivy, or Rapid7.
• Experience with NIST, ISO 27001, CIS Controls or OWASP.
• C++, Python, or Java.
• Distributed revision control systems (GitHub).
• Analytical, attention to detail, and able to communicate thought process both written and verbally.
• Able to work independently as well as in a team environment.
• Strong collaborative drive and interpersonal skills.
• Strong initiative, proactive work ethic and prioritization skills.
• Trustable judgement and analytical problem-solving skills.
• Effective execution and decision making.
• Champion of change and promotes innovation.
• Strong written and verbal communication skills.
• U.S. Citizenship.

Responsibilities

• Conduct software product security assessments and vulnerability testing.
• Regular scanning and penetration testing.
• Threat analysis.
• Static and dynamic analysis and security testing.
• Maintain currency of evolving security threats, technologies, and regulatory changes.
• Analyze and review functional system design specifications, and ensure security policy compliance.
• Participate in software system architectural and component design reviews.
• Reverse engineer software components for hidden bugs or malicious code.
• Evaluate and ensure secure COMSEC key and certificate distribution, authentication, and assignment.
• Investigate security related incidents.
• Determine root cause and verify mitigation updates.
• Document and present product security compliance using standard professional practices and corporate defined engineering processes.
• FIPS 140 compliance.
• NIST STIG compliance.
• Develop relationships with team members built on trust and respect.

Benefits

• Pays competitively according to the market in an individual's geographic location, in addition to their qualifications and experience.