Software Security Developer SME

Dev Technology, Tysons, VA

About The Position

Dev Technology Group is looking for a Software Security Developer Subject Matter Expert to support both Operations & Maintenance (O&M) and new development efforts for a federal government client. The ideal candidate will have relevant Cybersecurity experience, strong collaboration and communication skills, and the ability to manage complex work activities in a deadline-driven environment. This is a great opportunity to work on mission-critical systems that provide clear value to end users and our federal government clients. The Software Security Developer SME will be responsible for developing software applications, services, and systems (e.g., user-facing and back-end services).

Requirements

  • Bachelor’s degree in a science, technology, engineering, and math (STEM) field and nine (9) years of IT security (Cybersecurity) experience; OR no Bachelor’s degree with eleven (11) or more years of IT security (Cybersecurity) experience
  • Excellent communication skills, both verbal and written
  • Agile development experience
  • Excellent active listening skills
  • Ability to discuss technical issues with non-technical, executive-level government officials

Nice To Haves

  • Certified Application Security Engineer (CASE) Certification or Certified Secure Software Lifecycle Professional (CSSLP) Certification.
  • Certified Ethical Hacker (CEH) Certification or Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP).
  • AWS Certified Solutions Architect Professional or AWS Certified DevOps Engineer Professional.
  • DevSecOps & CI/CD: GitLab CI, Jira, Jenkins, Docker, Kubernetes, Infrastructure as Code (Terraform, CloudFormation), automated security scans, blue-green deployments, branching strategy and implementation.
  • Cloud-computing: concepts, capabilities, and applications as they relate to storage, processing, and dissemination and overall security.
  • Cross-Team Collaboration: Working with multi-disciplinary teams to fulfill stakeholder requirements.
  • Security & Compliance: NIST, FISMA, CIS Benchmarks, Zero Trust, FedRAMP, secure code reviews (SAST/DAST), incident response, threat modeling, vulnerability assessment, IDS/IPS (Snort/Suricata)
  • Cloud & Virtualization: AWS (GovCloud, EC2, Lambda, ECS, EKS), Azure (VMs, Azure DevOps), container orchestration, microservices hardening
  • Programming & Automation: Python, Java, Bash, PowerShell, scripted workflows, data parsing, security tooling
  • Data & Analytics: SQL (MySQL, PostgreSQL), NoSQL (MongoDB, DynamoDB), Splunk, ELK Stack, Tableau, real-time logging/monitoring
  • Leadership & Collaboration: Resource management, cross-functional coordination, Agile/Scrum methodologies, continuous improvement, mentorship
  • Application Programming: Building web application programming interfaces (API) using standards established in NIST SP 800-204.
  • Security Controls Assessments: Performing Security Control Assessment in compliance with NIST SP 800-37, NIST SP 800-53, NIST SP 800-53A, and other NIST 800 guide series quality standards.

Responsibilities

  • Managing source code using industry version-control best practices.
  • Researching new techniques and technologies to stay current in software development methodologies and tools.
  • Utilizing code validation tools to ensure that source code is valid, is properly structured, meets industry standards, is secure, and is compatible with browsers, devices, or operating systems.
  • Collaborating with stakeholders to define needs and/or specifications and develop proposed solutions.
  • Testing and integrating developed software applications into the operational baseline.
  • Performing test-driven development utilizing strong unit testing techniques to include test cases mimicking external interfaces and addressing all browser and device types.
  • Modifying or enhancing existing software to correct errors, to adapt it to new hardware, or to upgrade interfaces and improve performance.
  • Creating technical models, architectural artifacts, and/or prototypes that include physical, interface, logical, or data models (e.g., model view controller (MVC) programming practices).
  • Sharing actionable/valuable information with colleagues and leadership and engaging with community as resident expert.
  • Preparing reports and consulting with customers and other stakeholders to advise on technical issues, provide operational support, respond to questions, and offer status updates.
  • Developing DevOpsSec (CI/CD) pipelines and incorporating security protocols while deploying infrastructure as code (IaC)
  • Supporting security control assessments.
  • Identifying opportunities to refine current and/or implement new security processes to continuously improve the program’s overall security posture.
  • POA&M resolution support.

Benefits

  • Generous and flexible time-off policy
  • Flexible work schedules and telework options, including remote work availability for eligible projects
  • Career development opportunities including a mentorship program, technical and management training through Dev University, hands-on learning through DevLab, tuition reimbursement, and paid training opportunities
  • Industry-leading benefits including a choice of two health plans that include dental and vision, flexible spending account, commuter benefits, life insurance, and more
  • 401K matching with a 5% matching contribution
  • Regular team and company social events including our annual party, happy hours, fitness challenges, and more
  • A focus on community engagement including company-wide support activities, employer match for donations, and time off for volunteer efforts