Application Cyber Security SME – Ability to attain Secret security clearance

 In

Website Spathe Systems, LLC

Application Cyber Security SME

Spathe Systems is a rapidly growing, 8(a) defense contractor headquartered in Tampa, FL with offices in Fayetteville, NC. As a small business with a tight nit family feel, Spathe empowers its employees to solve problems and make decisions. Spathe is currently searching for an Application Cyber Security SME to join our USSOCOM DevSecOps team.

 

Clearance: Ability to attain Secret security clearance (Must be US Citizen)

 

Job Duties/Responsibilities

  • Deep Knowledge and Understanding of: NIST 800-53 & 800-190
  • Participate in the application development process
  • Review the application security life cycle of applications
  • Perform threat modeling and data migrations
  • Conduct Security scans of code utilizing of Twistlock, Fortify and potentially other security scanning tools (Claire, SonarQube, etc)
  • Documentation and reporting of scan results
  • Integration in DevSecOps
  • Participate as an active member of the application planning and development team
  • Assist with managing, monitoring and improving the application security life cycle program
  • Lead efforts in threat modeling
  • Assist with data migration
  • Monitor developments within the application security industry to ensure internal policies, procedures, tools, and training reflect current trends and methods such as those published by OWASP
  • Provide security guidance on a constant stream of new products and technologies
  • Work with developers to refine security checkpoints in the SDLC that are based on applicable standards or industry-accepted doctrine
  • Conduct regular security assessments, identify emerging vulnerabilities, risks, and threats during design iterations and provide appropriate countermeasures
  • Obtain and review all required artifacts as part of go, no go analyses at security checkpoint phases in the development cycle
  • Assist with periodic security risk assessments, IT security audits, and management reporting
  • Work with the development teams to provide guidance on secure code. Excellent verbal and written communication skills

Qualifications

  • Experience with SDLC principles
  • Software Development experience (Java, Python, Go, etc.)
  • 7+ years reviewing source code, using security testing tools, and threat modeling
  • Experience working in AWS EC2 and OpenShift Containers – Desired Experience
  • Working knowledge of Web Application firewalls
  • Experience working with Agile development/Scrum teams
  • Strong knowledge and ability to operate vulnerability assessment and application assessment tools (e.g. AppScan, Fortify, Veracode, SonarQube, Claire, Twistlock)
  • Security risk assessment and systems security audit work experience
  • Experience with threat modeling and web application security assessments
  • Risk Management Framework (RMF) expertise

 

Recent Posts