Ops System and Applications Security Architect

The Air Combat Command's 67th Cyberspace Wing (67 CW), 346th Test Squadron (346TS) plans, executes, and contributes as both an operational and participating test organization in a full array of operational tests of various cyber weapons in coordination with the 318 Range Squadron (318RANS) who provides instrumented cyber range services, through both physical hardware and virtual systems. 

In support of this mission, ANALYGENCE is seeking an Ops System and Applications Security Architect to ensure security requirements necessary to protect the organization’s mission and business processes are adequately addressed in all aspects of enterprise architecture including reference models, segment and solution architectures, and the resulting systems supporting those missions and business processes. Responsibilities include:

• Apply coding and testing standards, apply security testing tools including "'fuzzing" static-analysis code scanning tools, and conduct code reviews.
• Apply secure code documentation
• Capture security controls used during the requirements phase to integrate security within the process, to identify key security objectives, and to maximize software security while minimizing disruption to plans and schedules
• Develop threat model based on customer interviews and requirements
• Consult with engineering staff to evaluate interface between hardware and software
• Evaluate factors such as reporting formats required, cost constraints, and need for security restrictions to determine hardware configuration.
• Identify basic common coding flaws at a high level
• Identify security implications and apply methodologies within centralized and decentralized environments across the enterprise’s computer systems in software development
• Identify security issues around steady state operation and management of software and incorporate security measures that must be taken when a product reaches its end of life
• Perform integrated quality assurance testing for security functionality and resiliency attack
• Conduct risk analysis whenever an application or system undergoes a major change
• Address security implications in the software acceptance phase including completion criteria, risk acceptance and documentation, common criteria, and methods of independent testing
• Store, retrieve, and manipulate data for analysis of system capabilities and requirements
• Translate security requirements into application design elements including documenting the elements of the software attack surfaces, conducting threat modeling, and defining any specific security criteria
• Perform penetration testing as required for new or updated applications
• Consult with customers about software system design and maintenance
• Direct software programming and development of documentation
• Supervise and assign work to programmers, designers, technologists and technicians, and other engineering and scientific personnel
• Analyze and provide information to stakeholders that will support the development of security application or modification of an existing security application
• Analyze security needs and software requirements to determine feasibility of design within time and cost constraints and security mandates
• Conduct trial runs of programs and software applications to ensure that the desired information is produced, and instructions and security levels are correct
• Develop secure software testing and validation procedures
• Develop and perform system testing and validation procedures, programming, and documentation, secure program testing, review, and/or assessment to identify potential flaws in codes and mitigate vulnerabilities
• Determine and document software patches or the extent of releases that would leave software vulnerable
• Position requires travel up to 25%