Cyber Security Developer/Tester Position Description:
This program supports our federal customer who plays a key role in providing direct cybersecurity engineering support to the Federal Civilian Executive Branch. Program provides software and cyber engineering and integration support to specific Government-sponsored projects, pilots, and prototypes. This includes solution planning and engineering, defining security requirements, target architecture, interoperability and integration, system testing, Verification and Validation, Modeling and Simulation, studies and analysis, post-deployment security validation (PDSV), and project risk management. As part of this team, you will contribute to the engineering of current and emerging cybersecurity systems, policies, and processes to enforce standards and identify vulnerabilities and capability gaps to reduce cybersecurity risk of our customer networks.
Cyber Security Developer/Tester will report directly to the senior program executive group and be responsible for determining and developing innovative approaches for addressing cyber security risks associated with application development, providing application security guidance to application development teams, and performing code review and static/dynamic analysis. Other responsibilities include the development and use of automated software testing frameworks for large scale security-critical software testing to validate that secure coding best practices are being used. Developers/Tester will ensure low-level firmware/software development pushes the bounds of the originally specified intent of the hardware/software. Will resolve and mitigate vulnerabilities, design security functions, and provides evidence- based reasoning to substantiate claims for trustworthy and secure work products.
Other Duties:
–Participate in standards reviews.
–Support attribute-based access control.
–Contribute to operational plans including cyber technology, storage management, and architectural criteria that promote continual data assessment and audit capabilities for security and quality control.
–Create documentation and contribute to architectural and security efforts in a Cloud environment, specifically AWS GovCloud.
–Support engineering and development efforts working in a SAFe Systems Engineering Lifecycle (SELC) environment.
Required Education, Experience, & Skills
Must have experience in the following areas:
— Familiarity with OWASP & SANS identified common security coding flaws, threat modeling, and automated & manual static security code analysis
— Programming experience with a primary programming language (Java, .NET or Python) and SQL and JSON; other programming experience is also beneficial (e.g. Ruby/Rails, Scala, Perl, YAML, HCL)
–Experience gathering and analyzing system requirements.
–Expertise in SQL, NoSQL, or Cypher query language solutions.
–Familiarity with visualization and modeling tools.
–Knowledge of mining and segmentation techniques.
–Must have an active Secret Clearance and be eligible for TS/SCI
–Must be able to obtain DHS EOD.
Current certifications in one or more of the following:
— SECO Institute – Secure Programming Foundation (S-SPF)
— SECO Institute – Certified Secure Software Developer (S-CSSD)
— ISC2 – Certified Cloud Security Professional (CCSP)
— ISC2 – Certified Secure Software Lifecycle Professional (CSSLP)
— SANS GIAC – GWEB (Certified Web Application Defender)
— SANS GIAC – GISP (Information Security Professional)
— EC-Council – Certified Application Security Engineer Java (CASE JAVA)
— EC-Council – EC-Council Certified Application Security Engineer .Net (CASE .Net)
Preferred Education, Experience, & Skills
–Bachelor’s Degree and 10+ years or equivalent experience.
–In-depth understanding of database documentation, data integration and data migration (on-premises to Cloud)
–SAFe or Agile certification and experience
–ITIL certification.
–Expertise in AWS GovCloud data tools, specifically, S3, Redshift, Zeppelin, Kibana
–Expertise in verbal and written skills to lead discussions and documentation efforts
–Familiarity with Business Intelligence tools such as Tableau
About River Front Services Inc
River Front Services, Inc. (RFS) is a system engineering firm that specializes in critical systems for diverse clients ranging from Government Agencies to State and local Municipalities. Our services range from system design and integration to network operations and analysis to systems/cyber security and exploitation, to deployable space structures. Notably, RFS is a small and agile firm, enabling us to be extremely flexible and responsive to our customers. Best of all, RFS is known for our depth of knowledge, exceptional quality, and unparalleled service.