Senior Software Assurance Engineer

Redstone Arsenal/Huntsville, AL

IPT Associates (IPTA) is passionate about providing our customers with technical solutions that satisfy their business needs. Through collaborative interactions with customers, team members, subject matter experts (SMEs), technical leaders, and partners we design practical solutions that solve real problems for major government and business organizations. As a member of our Aviation and Missile Center (AvMC) Team, you will work with a team of technologists focused on delivering innovative business solutions using emerging technologies through proven successful methods.

Our Team

IPTA seeks talented people who are enthusiastic about applying technology to deliver innovative outcomes with "fierce determination, fearless integrity, and passionate service." Our belief is that our people are the key to success. By encouraging and enabling continued learning, our team members grow to achieve their personal career goals. We are looking for:

• Smart people with a passion for technology
• Ability to solve challenging technical business problems
• Self-directed professionals
• Hunger to continually learn and grow
  
  

We are looking to hire a Senior Software Assurance Engineer to support our Enterprise IT Support Services work at the Army Aviation and Missile Center (AvMC). AvMC is the Army's focal point for providing research, development and engineering technology and services for aviation and missile platforms across the weapons systems life cycle. AvMC's mission is to "deliver collaborative and innovative aviation and missile capabilities for responsive and cost-effective research, development, and life cycle engineering solutions" to equip the Warfighter with the best technology today and tomorrow.

Responsibilities

• Collaborate closely with developers to identify, mitigate, and remediate vulnerabilities in application code written in .NET, Java, JavaScript, PHP, Python, VB.NET, C, C , and C#.
• Collaborate with development teams to triage and fix vulnerabilities identified as a result of static and dynamic code analysis support. Assist developers in creating Plans of Action and Milestones (POA&Ms) and Mitigations for open findings and vulnerabilities, ensuring timely remediation and compliance.
• Conduct thorough source code analysis on Government Off-The-Shelf (GOTS) and Open-Source Software (OSS) using Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools.
• Conduct static code analysis and dynamic code analysis services leveraging DoD approved vulnerability scanning software to include, but not limited to, Fortify SCA and Fortify WebInspect, and SwAT
• Provide oversight continued maintenance, development, and support for the software code analysis environment, tool sets, and code simulators that support various application development efforts across the AvMC Enterprise
• Oversee the performance of code and script development/testing in accordance with DoD/DA/AvMC internal software development processes for all products developed and deployed on AvMC networks
• Ensure code is documented and developed in accordance with DoD/DA/AvMC coding standards and DISA Security Technical Implementation Guides (STIG) requirements. Audit Application Security and Development Security Technical Implementation Guides (STIGs) for completeness, providing expert advice to developers on necessary controls and best practices.
• Utilize Microsoft Teams Planner software to provide oversight and ensure continuous monitoring (ConMon) activities for applications are executed effectively and within compliance requirements.
• Implement, manage, and sustain software security risk measures across the AvMC Enterprise leveraging DoD approved risk management software to include, but not limited to, Fortify Software Security Center (SSC)
• Integrate Fortify, and any complimentary Government-approved tools, into existing and established enterprise integrated development environments and continuous integration/continuous development (CI/CD) DevSecOps pipelines
  
  

Requirements

• Strong communication and organizational skills
• BS/BA in related field
• 10 years of related work experience
• Experience with Fortify static code analysis
• DoD 8570 Level II/III certification
• US Security Clearance required
  
  

IPTA is an Equal Opportunity/Affirmative Action employer. We are committed to providing equal employment opportunity to all qualified employees and applicants for employment. The Company does not discriminate in employment opportunities or practices on the basis of race, color, religion, sex, sexual orientation, national origin, age, physical disability, mental disability, medical condition, status as a veteran or disabled veteran or any other characteristic protected by law. We base all employment decisions, including recruitment, selection, training, compensation, benefits, discipline, promotions, transfers, lay-offs, returns from lay-off, terminations, and social and recreational programs on the principles of equal employment opportunity. Our employees have diverse backgrounds, skills, and ideas that collectively contribute to a rich working environment and greater opportunity for innovation.

#clearance

#dice