Subject Matter Expert Static Code Reviewer DC
JOB CODE: 2752
TITLE: Subject Matter Expert /Static Code Reviewer
LOCATION: DC – Washington
DURATION: Full Time/Regular/On-Going
DESCRIPTION For Subject Matter Expert Static Code Reviewer DC:
Planned Systems International (PSI) is recruiting PSI and/or our Partners for DHS and other projects wherein we provide IT Security Support Services and Compliance for all aspects of IT services including: desktops/laptops; LAN connectivity; audio-visual/video-teleconferencing; telecommunications; applications; and software and hardware acquisition/installation. These are large environments with hundreds to 1000’s of seats; multiple LAN’s; and multiple applications. All are required to be in compliance with full security assessment and authority to operate.
Essential Functions and Job Responsibilities For Subject Matter Expert Static Code Reviewer DC:
The DHS Science & Technology Division requires recurring SME /Static Code Reviewer services for a number of its systems based on each system’s status within the security assessment and authorization cycle, authority to operate status, and estimated risk profile. In general terms, all systems are subject to security assessment and authorization activities, and as a result of those activities risk are uncovered, but the exploitability of those risks must be evaluated and understood. The SME/Static Code Reviewer will analyze systems for potential vulnerabilities that may result from improper system configuration, hardware or software flaws, or operational weaknesses. Any security issues that are found will be presented to the system owner with an assessment of their impact and a recommendation for mitigation or technical solution. S&T requires static code analysis of applications and systems that are deployed and in development. In general, S&T performs automated and manual source code review of applications and tools before they are operationally deployed; review looks for weaknesses in poor development practices and weak application configuration settings. The selected individual shall perform static code analysis on software developed in-house and by contracted developers and work with the developers throughout the development lifecycle to ensure compliance with secure software development best practices and DHS standards. He or she will present any issues that are found to the ISSO, Compliance Officer, system owner, authorizing official, and the CISO along with an impact assessment and a recommendation for mitigation and technical solution. More specific expectations also include:
* Assessing system information security policies against DHS policies.
* Ensuring policies are comprehensive to system.
* Evaluating security components against their ability to resist threats in the deployed environment.
* Evaluating configurations and implementation of firewalls, proxy servers, routers, Virtual Private Networks (VPNs), IDS, wireless networks, etc. against legal requirements, departmental/local policy, industry best practices and vendor recommendations.
* Evaluating process and procedures associated with operations.
* Conducting vulnerability assessment and penetration testing customized to the system function and technical requirements.
* Executing standardized IV&V practices to evaluate comprehensive state of the security posture.
* Performing manual and automated assessments on code delivered during development and as patches during operations against DHS S&T secure code policies and industry best practices.
* Providing formal reports utilizing S&T pre-established reporting templates, as required, on vulnerabilities uncovered during code reviews and recommendations on how developers can remediate the uncovered issues.
* Working with development staff to remediate security vulnerabilities as they are identified and provide recommendations on how software development lifecycles need to be modified to address vulnerabilities and concerns.
Minimum Requirements For Subject Matter Expert Static Code Reviewer DC:
* BS Degree in a technical field. An equivalent combination of education and experience may be considered.
* Must possess any one of the following: CSSLP (Preferred), CASP, or CISSP.
* 5 + years performing in IA Security as a Static Code Reviewer.or Penetration Tester.
* Experience must include:
* Proven experience with various Security Testing Frameworks (such as OWASP)
* Expert knowledge of information security principles, web applications and a level of familiarity with malicious code and common techniques used to exploit software vulnerabilities
* Utilizes automated code reviews (using tools like HP Fortify) as well as manual code review techniques to identify application security vulnerabilities.
* Familiarity with various programming languages and frameworks (C, C++, PHP, .NET, ASP, JAVA, Struts)
* Solid understanding of Software Development Life Cycle methodologies.
* Exceptionally good written and oral communication skills.
* Good interpersonal and consulting-type skills.
* US Citizenship and Secret Clearance required as well as ability to successfully pass Corporate and DHS client suitability background checks.
Please apply online
Company Website – http://www.plan-sys.com/
When you get employed, reach back and help a fellow Service men and women over the wall.
What goes around, comes around. Help when and where you can.
You, a family member or friend could be next to need a job.
Planned Systems International provides our customers with value-added management consulting and information technology services that consistently deliver success, and we are recognized as a world-class provider of innovative solutions that benefit mankind. From Systems Lifecycle Support and Healthcare IT Solutions to Network and Desktop Solutions and e-Business, PSI is focused on making our clients’ businesses run smoother and better. With a highly trained technical staff, we apply state-of-the-art information technologies, the industry’s most advanced methodologies, and broad-based support services to clients in U.S. Government agencies and the commercial sector.
PSI is an Equal Opportunity Employer.
All qualified candidates are encouraged to apply, including:
Minorities, Women, Individuals with Disabilities, and Protected Veterans.
NOTE TO JOB SERVICE: VEVRAA Federal Contractor requesting priority referrals of Protected Veterans.
Subject Matter Expert Static Code Reviewer DC