About The Position

The Software Security Sensors and Effectors Department within the Software Product Assurance (SPA) Center is seeking a highly motivated individual to fill a Software Security Lead (SSL) position in Tucson, AZ. The SSL will collaborate with Systems and Software Architects and program stakeholders to embed software security into program processes and customer deliverables. This includes capturing and developing security-relevant requirements, considering their architectural and design impacts, and ensuring adherence to secure coding practices and the Software Product Assurance Command Media. The SSL will act as the Technical Lead and potentially the Agile Product Owner for the Software Security Team, owning the software security implementation to ensure compliance with System Security requirements. Responsibilities also involve adopting and implementing secure coding standards, driving off-nominal testing to ensure software remains secure during failure conditions, and developing negative test cases for bypassing security. The role requires considering compiler, interpreter, and build tool features that enhance executable security and prevent optimization of security-critical behaviors. Partnered with the Systems Security Lead, the SSL must provide the software assurance implementation for the Program Protection Implementation Plan (PPIP), which includes a software vulnerability risk assessment on reused code and the final delivery, and a Software Bill of Materials (SBOM) on the final delivery. The ideal candidate will apply secure coding principles to the design and development of hardened software applications, working individually or as part of a team. Due to security clearance requirements, this is an onsite position in Tucson, Arizona.

Requirements

  • Bachelor’s degree in Science, Technology, Engineering or Mathematics (STEM) and 10 years of related experience
  • Experience in object-oriented software design and embedded development using languages such as C and/or C++
  • Experience with Xilinx UltraScale+ MPSoC, Versal, or similar Embedded Processors
  • Experience with embedded OS like VxWorks, Embedded Linux, or similar
  • Embedded Software Security and Cryptographic Algorithm experience
  • Experience with Secure Boot concepts
  • Understanding of secure coding principles, architecture and implementation of secure coding best practices
  • The ability to obtain and maintain a US security clearance
  • U.S. citizenship is required

Nice To Haves

  • Experience with validation and verification of software applications
  • Experience/Knowledge of Linux/Unix environment
  • Experience/Knowledge of Interfacing with FPGAs
  • Experience/Knowledge of Interfacing with low-level memory drivers
  • Experience/Knowledge of Inter-processor communication
  • Experience/Knowledge of ARM Architecture
  • Experience designing, implementing, testing, or fielding real-time security-oriented solutions on Department of Defense (DoD) programs (embedded experience highly preferred)
  • Experience using security-relevant tools and devices for security auditing, network security, host/server security, communication security, or policy management
  • Experience in Agile and DevSecOps environments
  • Experience in Agile/Scrum/Kanban frameworks and development environments
  • Experience using software configuration management and bug tracking tools
  • Experience with Python / Perl
  • Knowledge of modern computer architecture and hardware technologies including: PCIe, GPIO, I2C, SATA
  • Knowledge of Field Programmable Gate Arrays (FPGAs)
  • Knowledge of Application-Specific Integrated Circuits (ASICs)

Responsibilities

  • Act as the Technical Lead and possibly the Agile Product Owner for the Software Security Team
  • Primary owner of the software security implementation to ensure compliance with System Security requirements
  • Adopt and implement secure coding standards for each programming language used
  • Drive off-nominal testing by ensuring the software will remain in a secure state during failure conditions and developing negative test cases for bypassing security
  • Consider using compiler, interpreter and build tool features that improve executable security and ensure the compiler does not optimize out any security-critical behaviors
  • Provide the software assurance implementation for the Program Protection Implementation Plan (PPIP) as part of the overall software security process, partnered with the Systems Security Lead
  • Conduct a software vulnerability risk assessment on reused code and the final delivery
  • Provide a Software Bill of Materials (SBOM) on the final delivery
  • Apply secure coding principles to the design and development of hardened software applications
  • Work with Systems and Software Architects, and program stakeholders to ensure that software security is embedded in the program’s processes and customer deliverables
  • Work with the relevant stakeholders to ensure the capture and development of any security-relevant requirements
  • Consider the architectural and design impacts to the solution while ensuring those requirements are met
  • Help the program adhere to secure coding practices and the Software Product Assurance Command Media

Benefits

  • Medical insurance
  • Dental insurance
  • Vision insurance
  • Life insurance
  • Short-term disability
  • Long-term disability
  • 401(k) match
  • Flexible spending accounts
  • Flexible work schedules
  • Employee assistance program
  • Employee Scholar Program
  • Parental leave
  • Paid time off
  • Holidays
  • Annual short-term and/or long-term incentive compensation programs