Cyber Security Developer/Tester SME

Digiflight, Inc. has an opportunity for a Cyber Security Developer/Tester SME to support a dynamic DevSecOps program operating in a SAFe Agile Framework.   This position will be engaged in supporting a large government program.  

You will be providing application security guidance to application development teams.  Additionally, the Cyber Security will advise on remediation of vulnerabilities to deployment teams with respect to application security best practices, security automation with the SELC, and the proper use of application security tools and services.  She/he will design and development of applications as well as multi-tiered applications. Candidate will interface on a regular basis with others from a global team. 

To be successful, the role will require the individual to understand the security landscape, and to offer creative solutions that integrate current capabilities, vendor capabilities, proprietary system builds, and the ability to adapt to changing business requirements.

PRIMARY RESPONSIBILITIES:

• Responsible for determining and developing innovative approaches for addressing cyber security risks associated with application development 
• Provides application security guidance to application development teams 
• Performs code review and static/dynamic analysis; identifies and addresses security issues  
• Responsible for the development and use of automated software testing frameworks for large scale security-critical software testing to validate that secure coding best practices are being used 
• Ensures low-level firmware/software development pushes the bounds of the originally specified intent of the hardware/software. 
• Resolves and mitigates vulnerabilities, design security functions, and provides evidence-based reasoning to substantiate claims for trustworthy and secure work products 
• Familiarity with OWASP & SANS identified common security coding flaws, threat modeling, and automated & manual static security code analysis 

• Programming experience with a primary programming language 
• Providing application security guidance to application development teams and advise on remediation of vulnerabilities to deployment teams with respect to application security best practices, security automation within the System Engineering Life Cycle (SELC,) and the proper use of application security tools and services. 
• Assisting developers in developing secure code that minimizes vulnerabilities by implementing secure coding standards, techniques, and best practices 
• Assisting in the development of automated security testing to validate that secure coding best practices are being used. 
• Assisting with the development of security features and user stories.

BASIC QUALIFICATIONS:

• Expert understanding of multi-tiered web-based applications.
• Extensive experience with interacting with REST APIs
• Extensive experience with JavaScript libraries (JQuery, Bootstrap etc.)
• Expert understanding of requirements of large enterprise applications (security, entitlements etc.)
• Extensive experience with source control such as Bitbucket etc.
• Excellent communication and presentation skills: ability to communicate in a clear and concise manner; individually or in front of a group.
• Current certifications in one or more of the following: 
  1. SECO Institute Secure Programming Foundation (S-SPF) 
  2. SECO Institute Certified Secure Software Developer (S-CSSD) 
  3. ISC2 Certified Cloud Security Professional (CCSP) 
  4. ISC2 Certified Secure Software Lifecycle Professional (CSSLP) 
  5. SANS GIAC GWEB (Certified Web Application Defender) 
  6. SANS GIAC GISP (Information Security Professional) 
  7. EC-Council Certified Application Security Engineer Java (CASE JAVA) 
  8. EC-Council - EC-Council Certified Application Security Engineer .Net (CASE .Net) 

Candidate must be a US Citizen

Candidate must have an active TS/SCI

Candidate must have a MA/MS degree with a minimum of 15 years of experience. This may be substituted with a BS/BA degree and a minimum of 20 years of total experience.

Preferred Qualifications:

• Certified Ethical Hacker (CEH) 
• Windows/Linux Admin 
• Azure Sentinel or Other Cloud SIEM 
• CISSP 
• Security  
• Network  
• Cisco Certified Network Professional (CCNP)
• Cisco Certified Security Professional (CCSP) 
• Vendor specific certification for the aforementioned products or similar certification

Experience with one or more of the following:  

• RSA Security Analytics (NetWitness) 
• Symantec Bluecoat 
• ForeScout CounterAct 
• McAfee ePO 
• Cisco FirePower (SourceFire)
• RedSeal
• SecureSphere Imperva 
• Tenable Nessus
• Azure Sentinel 
• TAPs 
• Cloud technologies 
• Project Management processes to include SAFe and Agile 
• SDLC 
• Monitoring and analysis to include packet capture 
• PKI
• Chain of trust

Our People 

DigiFlight attracts the most highly skilled workforce to protect some of our nation’s most sensitive systems. Before joining the company, many DigiFlight professionals served our country in a civilian and/or military capacity. Our diverse team provides innovative solutions as they support critical clients in tackling tough challenges. Most importantly, our team is passionate about their work and making a difference.

Our corporate culture promotes a healthy work/life balance.

Our Benefits

DigiFlight’s competitive benefits package allows employees to manage their personal and professional portfolios through a variety of features and programs. Our benefits include:

• Health, Dental, Vision, and Flexible Spending Account
• Paid Time Off (PTO)
• 11 paid holidays
• Tuition Education Assistance
• Professional Development
• 401(k) retirement plan
• Life insurance and short- and long-term disability insurance
• Employee Referral Program
• Marketing Incentive Plans

DigiFlight, Inc. (DFI) is an Affirmative Action, Equal Opportunity Employer. DFI offers a highly competitive, family-oriented benefits package.