ssential Duties and Responsibilities:
• Assist the product engineering team in writing cybersecurity requirements, test plans and
• testing
• Apply risk management frameworks (RMF) to product development.
• Peer review security-critical areas of software and device configuration
• Document cybersecurity compliance
• Complete STIGs for embedded products
• Monitor software applications and libraries for security vulnerabilities.
• Write and maintain secure software development processes, procedures, and other
associated documentation
• Translate cybersecurity standards into practical processes, procedures, and internal
standards
• Mentor software engineers in writing secure software
Basic Qualifications:
• Have a DoD Approved 8570 Baseline Certification for an IAM Level I role, or higher
• Position requires the ability to obtain a security clearance
• Experience applying STIGs and hardening Windows and Linux systems
• Server/workstation administration skills in both Windows and Linux
• Experience in running and managing vulnerability assessment tools
• Familiarity of relevant security standards such as: SAE J3061, NIST 800 series, FIPS 140
• Preferred Qualifications:
• Experience writing software in C/C++, Python, HTML/CSS, JavaScript
• Experience writing software for embedded controllers and IoT
• Familiarity applying STIGs to embedded systems
• Experience integrating symmetric and/or public key encryption into software applications
• Experience writing requirements for secure software systems
• Firewall and webserver administration experience, such as: Nginx, IIS, Tomcat and Apache
• Experience performing penetration tests on embedded and/or IoT systems
• Experience using and managing static analysis and software composition analysis tools
• Experience applying STIGs and hardening embedded systems
Preferred Qualifications:
• Experience writing software in C/C++, Python, HTML/CSS, JavaScript
• Experience writing software for embedded controllers and IoT
• Familiarity applying STIGs to embedded systems
• Experience integrating symmetric and/or public-key encryption into software applications
• Experience writing requirements for secure software systems
• Firewall and webserver administration experience, such as: Nginx, IIS, Tomcat and Apache
• Experience performing penetration tests on embedded and/or IoT systems
• Experience using and managing static analysis and software composition analysis tools
• Experience applying STIGs and hardening embedded systems