Development Security Engineer
gTANGIBLE Corporation (gTC), www.gtangible.com, is a C corporation and a registered Government contractor that provides services and solutions in:
- National Security Programs
- Professional, Administrative, and Management Support
- Mission and Warfighter Support
We are a Service-Disabled Veteran-Owned Small Business (SDVOSB) and the founder has years of successful experience in the Government contracting arena. Our leadership team is an exceptional group of Government contracting professionals. gTANGIBLE is in the process of identifying candidates for the following position.
Requisition Type: Full Time
Position Status: Contingent
Position Title: Development Security Engineer
Location: Arlington, VA
Duties and Responsibilities
The Development Security Engineer supports this Transportation Security Administration Information Technology (TSA IT) Task Order (TO) by coordinating with Agile and Development Security Operations (DevSecOps) teams to develop, document and integrate security best practices during the Agile Software Development Life Cycle (SDLC). Duties include the following:
- Conducts code review, identifies flaws in the business logic, programmatic vulnerabilities and weaknesses during the Agile Software Development Life Cycle (SDLC) process.
- Conducts security testing of web applications, web services, end points, (and other web-related assets) using both Information Assurance & Cybersecurity Division (IAD)-provided automated testing tools and manual testing techniques. These scans will be coordinated for each of the Agile Sprints.
- Provide findings feedback to the Agile and DevSecOps team.
Knowledge and Qualifications
- At least ten (10) years of technical IT security experience performing software development in an Agile Environment.
- At least five (5) years of experience performing application security testing.
- At least three (3) years of experience performing web application security testing using manual techniques and vulnerability testing tools and/or code review tools for Federal IT systems.
- At least five (5) years of experience with writing scripts and utilities using interpreted languages.
- At least one (1) year of experience writing scripts with each of the following: PowerShell, PERL, and Python.
- Extensive knowledge of the Agile SDLC methodology.
- Ability to work independently/minimal oversight.
- Experience with manual web security testing techniques.
- Strong understanding of NIST SP 800-53 and DISA STIGS.
- Required Certifications: CISSP, CEH, GWAPT or other relevant certifications.
- Experience with WebInspect, AppScan, BurpSuite, SoapUI, Nessus Professional, HP Fortify, Apple Developers Toolkit, Visual Studio and open source IDEs for development and testing.
- Strong organizational, analytical, and technical writing skills to be able to document findings in reports.
gTANGIBLE Corporation is an equal opportunity employer and does not discriminate against any employee or applicant because of race, age, sex, color, physical or mental disability, religion, sexual orientation, marital status, national origin, or political affiliation.