Title: Application Cybersecurity Software Engineer (Remote Opportunity)
Application Security Software Engineer (Remote Opportunity)
Please note: The incumbent for this position will be available for a 5k sign-on bonus
ABOUT THIS POSITION
The successful candidate will be part of the KBR team supporting the Test Resource Management Center’s (TRMC) Test and Training Enabling Architecture (TENA) and Joint Mission Environment Testing Capability JMETC User Support and Cybersecurity Teams. The successful candidate will be assigned Cybersecurity software analysis tasks in support of the development and maintenance of JMETC and other TENA-based Software Applications. Other duties include: documenting, managing configuration, testing, and bug fixing involved in creating, maintaining and hardening applications and frameworks involved within an agile software release life cycle and resulting in a software product. The successful candidate will be expected to utilize the TENA Framework and Build System and follow processes that ensure high quality and cybersecure software is delivered to our government customer.
- We are looking for an Application Security Engineer to integrate security at every phase of the software development life cycle by working closely with developers to ensure applications are secure from inception through release.
- The Application Security Engineer role is intended to help developers create hardened applications to ensure the best in class security for TRMC customers.
- The Application Security Engineer is expected to have experience with many different coding languages and software analysis tools, such as Fortify, Coverity, etc.
- The Application Security Engineer is expected to scan code from the program through Fortify and be able to make recommendations to developers for fix, analyze results, print reports at the developer and senior management level.
- The application Security Engineer is expected to be an integral part of the Software Assurance Program and Risk Management Framework Assessment Only program within TRMC.
- The Application Security Engineer will be DoD 8570-01M Certified as an IASAE II
- The Application Security Engineer is expected to provide guidance in development best practices, support in software architecture and design, and configuration hardening.
- Conduct software security vulnerability analysis and risk assessments in support of RMF Assessments for all of TRMC
- Design Public Key Infrastructure (PKI) into software platforms (includes use of certification authorities (CAs) while adhering to industry standards)
- Work with Cybersecurity and Development teams to improve software security through activities including: vulnerability testing, investigation, reporting and mitigation of incidents, patch management and maintenance, vulnerability tracking, setup and review of output from security tools including software code analysis tools
- Test and validate security and quality of code using Fortify and other Software Analysis tools
- Draft technical documentation pertaining to software code analysis
- Serve as a technical security consultant to the development team
- Manage and track vulnerabilities associated with Open Sour Source Software used
- Communicate with the security and development teams to follow up on software security related issues.
- Conduct risk and vulnerability assessments at the application level
- Research, evaluate, and recommend new security tools, techniques, and technologies
- Prepare security reports at the technical and executive levels
- Act as a liaison between the Cybersecurity Team and the Development Team
- Expertise with all aspects of secure application development
- Bachelors Degree with 8+ years experience
- Expertise in software testing tools (Testing and Validation)
- Expertise in software analysis and risk assessments regarding software security
Scheduled Weekly Hours: 40
KBR is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, disability, sex, sexual orientation, gender identity or expression, age, national origin, veteran status, genetic information, union status and/or beliefs, or any other characteristic protected by federal, state, or local law.