Compliance Automation Software Developer

Location: Must reside within 50 miles of one of the following: Ft. Belvoir, VA; Aberdeen Proving Grounds, MD; ERDC, Vicksburg, MS; Wright Patterson AFB, Dayton, OH; or NIWC Pacific, San Diego, CA

Security Clearance: SECRET Clearance required

Salary: Competitive, commensurate with experience

About the Opportunity

D9Tech is seeking highly skilled Compliance Automation Software Developers to join our team in support of the Department of Defense (DoD) High Performance Computing Modernization Program (HPCMP). This critical role involves developing and maintaining software tools to automate security compliance for the Defense Research and Engineering Network (DREN) and Secret DREN (SDREN), ensuring the DoD’s supercomputing ecosystem meets stringent cybersecurity standards.

Key Responsibilities

• Software Development: Design, develop, test, and maintain a client scanner to automate Security Technical Implementation Guidance (STIG) compliance for Unix, Linux (e.g., RHEL 6-8, SLES 12/15), MacOS (e.g., 10.15–13), and Windows systems, as well as applications like Apache and Bind.
• Website/Database Development: Create and support a centralized website/database for collecting and analyzing scanner reports, interfacing with Enterprise Mission Assurance Support Service (eMASS) for Plan of Actions & Milestones (POAM) generation.
• Standalone Instance: Develop and maintain a distributable web/database component for external organizations, ensuring feature parity with the HPCMP instance.
• CI/CD Implementation: Follow a Continuous Integration/Continuous Delivery (CI/CD) strategy with an 8-week release cycle, incorporating quarterly DISA STIG updates and resolving bugs within each cycle.
• Security Compliance: Ensure software adheres to DoD mandates, including CAC and SIPRNET Token Authentication, and maintain Information Assurance Vulnerability Alerts (IAVA) compliance.
• Support & Maintenance: Deploy and sustain Compliance Automation tools in development, test, and production environments on DREN and SDREN, resolving user access issues within 8 hours and system issues within 30 days.
• Documentation: Produce and maintain detailed system documentation (e.g., user guides, architectural diagrams, certification documents) and upload source code to government-accessible repositories.
• Collaboration: Participate in Requirements Review Board (RRB), user group meetings, and other forums to report status, address bugs, and gather feedback on enhancements.

Qualifications

• Education: Bachelor’s degree in Computer Science, Software Engineering, or a related field (or equivalent experience).
• Experience:
• Proven expertise in software development with at least one of the following: Perl, MongoDB, PostgreSQL, MySQL, OpenSSL.
• Experience with Unix/Linux (e.g., RHEL, SLES), MacOS, and STIG automation.
• Familiarity with API development, website development, and database management.
• Certifications: DoD Information Assurance Technician (IAT) Level II certification (e.g., Security CE, CCNA Security).
• Clearance: Active SECRET clearance required; ability to obtain SDREN access within 30 days of assignment.
• Skills:
• Proficiency in developing cross-platform software compatible with browsers like Chrome, Firefox, Edge, and Safari.
• Knowledge of open-source software management and software assurance practices throughout the Software Development Life Cycle (SDLC).
• Strong problem-solving skills with a track record of meeting tight deadlines (e.g., 8-hour issue resolution).
• Location: Must reside within 50 miles of a designated HPCMP site (listed above) to support deployment and sustainment activities.

Preferred Qualifications

• Experience with DoD cybersecurity frameworks (e.g., Risk Management Framework, NIST SP 800-53).
• Prior work on High Performance Computing (HPC) or DoD network security projects.
• Familiarity with HPCMP policies and DISA STIG implementation.

Job Type: Full-time

Application Question(s):

• Do you reside within 50 miles of one of the following: Ft. Belvoir, VA; Aberdeen Proving Grounds, MD; ERDC, Vicksburg, MS; Wright Patterson AFB, Dayton, OH; or NIWC Pacific, San Diego, CA
• Are you comfortable with CI/CD and fast-paced release cycles?
• Have you developed cross-platform software for browsers like Chrome, Firefox, Edge, and Safari?
• Have you deployed and supported tools in dev, test, and production environments?

Education:

• Bachelor's (Required)

Experience:

• automating STIG compliance across OS platforms: 7 years (Required)
• Perl, MongoDB, PostgreSQL, or MySQL: 7 years (Required)
• DoD cybersecurity frameworks or IAVA compliance: 7 years (Required)
• STIG for Unix, Linux, MacOS, Windows, Apache and Bind: 7 years (Required)

Security clearance:

• Secret (Required)

Work Location: Hybrid remote in Virginia Beach, VA 23454