Cybersecurity/Information Assurance

Software Security Specialist


SRC, Inc. is currently seeking a software security specialist to support the development of secure software and practices.

Responsibilities

  • Define rule sets for static analysis of SRC software based on program requirements and input from software engineering.
  • Utilize software tools to automate static code analysis in accordance with contractually defined cadence and objectives.
  • Review results of static code analysis and propose remediations for vulnerabilities and weaknesses that meet or exceed acceptable impact code/level based on contractual requirements and best practices.
  • Partner directly with Software, System and Test Engineers to identify solutions that ensure security of applications and software while maintaining functional intent.
  • Ability to effectively implement OWASP manual test procedures to validate software security.
  • Ability to devise test cases specific to target applications and software as needed.
  • Collaborate with Configuration Management, Software Leads, and Program Managers to develop and define Software Development Plans, Software Assurance Plans, and other program documentation.
  • Perform design reviews and develop threat models for existing and new software.
  • Work with system owners to identify mission critical software applications.
  • Apply and maintain Application Security Development STIGs in accordance with requirements and direction from system owners, assessors, and authorizing officials.
  • Apply developmental testing and evaluation that confirms the required controls are implemented correctly and operating as intended, enforcing desired security and privacy policies, and meeting established security and privacy requirements.
  • Capacity to understand CWE definitions and identify applicable CVEs based on program-specific requirements, needs and objectives.

Requirements

  • Bachelor's degree in cybersecurity, information technology, computer science, or similar field and three or more years of relevant experience
  • Strong understanding of software development terminology and practices
  • Knowledge of cyber security concepts and vulnerability and threat mitigation
  • Experience with analyzing test results to verify they are in accordance with requirements
  • Ability to effectively communicate complex issues to varying audiences clearly and concisely in both oral and written formats.
  • Ability to work with others to gather and disseminate information in pursuit of common objectives.
  • Hold necessary DoD 8570 certifications or ability to obtain certifications within 6 months of starting.

Preferred Requirements

  • Experience with Klocwork static code analysis tool
  • Experience with software development, debugging and testing.
  • Experience with SCAP, ACAS, STIG implementation, NIST 800-53 and other DoD requirements.
  • Experience with security control assessments and reporting
  • Knowledge of DoD systems
  • Knowledge of and experience with: design(s), conducting technical vulnerability assessments, computer system and network engineering, and managing the configuration of program information technology (IT) assets
  • DoD 8570 certification
  • DoD 8140/8570 certifications commensurate with experience and skill set
  • Experience with Windows and Linux server operating systems and applications

President Biden’s Executive Order 14042 requires Federal contractors and subcontractors to be fully vaccinated for COVID-19 by January 4, 2022. This requirement applies to all SRC, Inc. and SRCTec, LLC employees and their subcontractors.

  • Location: Syracuse, New York
  • Employment Type: Full-Time Salaried
  • Experience Required: 3+ Years
  • Education Required: Bachelor's Degree
  • Security Clearance Requirement: Must meet eligibility requirements
  • Travel %: 10