Sierra7, Inc. is seeking an Application Security Engineer to support a diverse, adaptable team providing technical, programmatic, assessment and authorization, and compliance support services to the VA. This program provides a comprehensive evaluation of an organization’s information system policies, security controls, policies around safeguards, and documented vulnerabilities. All activities will be coordinated within the user teams.
Sierra7 is a US Small Business Administration (SBA) and Center for Veterans Enterprise (CVE)-verified Service-Disabled Veteran-Owned Business (SDVOSB) that provides Federal clients with system and technology integration, program management, business process optimization, and enterprise solutions.
• Providing support as an Application Security Engineer focusing on secure code review
• Reviewing Static Application Security Testing (SAST) and Software Composition Analysis (SCA) scans and mitigations in scanned source code of custom-developed applications for correctness and completeness
• Using various tools in support of the Software Assurance Program, primarily Micro Focus Fortify Static Code Analyzer and OWASP Dependency check to perform SAST and SCA scans
• Supporting an operational team, while working remotely, during East Coast normal business hours.
• Utilizing collaboration tools such as Teams and GitHub to manage and report on work
• Having prior work experience as a software developer in an enterprise environment working in programming languages such as Java and C#, ideally also with mobile technologies such as iOS
• Having development experience and an interest in learning about vulnerabilities in source code and underlying libraries and frameworks
• Writing up detailed analysis and explaining analysis to developers and others daily
• Providing end user support for developer tools
• Assisting the Software Assurance Program to perform developer training and support for Fortify tools in addition to SCA that are included with the SCA license, such as Software Security Center (SSC)
The candidate skills and experience include:
• Designing, coding, developing, testing and documenting enterprise resource programs
• Ability to use advanced technologies, such as IP or web-based technology
• Experience with Java and C#
• Experience with MS Teams and GitHub
• Experience developing modifications to, and maintenance of, existing programs and procedures.
• Experience writing or creating procedural forms and documentation, including flow charts and system documentation
• Experience using Micro Focus Fortify Static Code Analyzer
• Must have experience using Open Web Application Security Project (OWASP) Dependency check to perform Static Application Security Testing (SAST) and Software Composition Analysis (SCA) scans
• Familiarity with 508 regulations
• Experience working within Human Centered Design a plus
• Strong interpersonal and client-facing skills
• Strong oral and written communication skills
• Bachelor’s degree in Engineering, Computer Science, Math, or equivalent (8 years of additional experience may be substituted for education)
• 7 years of relevant experience
• Experience working in VA or other Government agency [desired]
• The ability to obtain a public trust [required]
This is a full-time remote position