Technical and Management Resources, Inc.

  • Code Reviewer

    Job Locations: US-MD-Fort Meade
    Posted Date: 1 month ago (11/12/2018 1:14 PM)
    Job ID: 2018-2420
    Security Clearance: Secret
  • Overview

    Requirements:

    • Technical competence in performing security code analysis using tools like AppScan Source
    • Technical competence in application development (Java, .NET, C, C++, …)
    • Technical competence in development frameworks (Struts, Spring and JSF)
    • Technical competence in configuring, managing and supporting tools like AppScan Source and AppScan Enterprise
    • Technical competence in application security
    • Application build process & tools
    • Knowledge of tools including AppScan Source, SonarQube and the OWASP Dependency Checker to identify vulnerabilities
    • Understanding of application security methodologies and processes mandated by the IRM
    • NIST 800-53 SA-11 Developer Security Testing requirements
    • Applies current principles and techniques to complete testing, quality assurance review and evaluation of new and existing software products.
    • Experience using appropriate Vulnerability Testing tools, examples in NIST 800-115, specifically AppScan Source, SonarQube and the OWASP Dependency Checker
    • Vulnerability Testing (skills and methodology). Experience integrating SAST tools into their development environments, to enable build automation and DevSecOps
    • Expertise providing knowledge transfer and assistance to developers for use of scanning tools throughout development, including AppScan Source install,
    • Knowledge of Application build process & tools

    Responsibilities:

    The Code Reviewer will be part of a multi-functional team. Responsibilities include, but are not limited to:

    • Review, analyze and assist in prioritizing findings; develop actionable reports for the business unit and IT project teams responsible for mitigating vulnerabilities.
    • Develop and document a repeatable process for reviewing, analyzing and prioritizing findings and for developing actionable reports.
    • Support the IRS in executing network/operating system and database vulnerability scans.
    • Operate and maintain the Enterprise Static Application Security Testing (SAST) software (currently AppScan Source).
    • Assist business unit and IT project teams in understanding scan output.
    • Help application development teams understand how to leverage scanning tools during the development process so that they can meet NIST 800-53 SA-11 security requirements in rapid development and DevOps environments.
    • Build and document repeatable processes for integrating the scanning tools into the rapid development process.

    Qualifications

    Minimum Qualifications:

    • Minimum of 5 (five) years of experience in performing software development, and 3 (three) years of specialized experience performing security code reviews
    • Minimum 2 (two) years’ experience utilizing static code scanning tools such as HPE Fortify or Checkmarx to perform security assessments
    • Knowledge of information security principles, web applications and a level of familiarity with malicious code and common techniques used by hackers
    • Basic to intermediate knowledge of SQL and prior experience with programming in one or more server-side technologies such as Java, JSP, JavaScript, PHP, ASP.NET, etc.
    • Demonstrates proven extensive knowledge of application security, network segregation, access controls, IDS/IPS devices, cryptography, physical security, and information security risk management
    • Demonstrates knowledge of Networking protocols, TCP/IP stack, systems architecture, and operating systems
    • Demonstrates knowledge of common programming and scripting languages, such as Python, PowerShell, Ruby, or Bash
    • Cybersecurity frameworks and related industry-leading practices such as NIST, FFIEC, and OWASP

    Certifications: One or more of the following: CISSP, EC-Council Certified Secure Programmer, Certified Secure Software Lifecycle Professional (CSSLP), SANS Global Information Assurance Certification (GIAC) Secure Software Programmer (.NET or JAVA), HP ATP – Fortify Security V1, or another comparable certification and or experience.

    Education: Bachelor’s degree in related technical field

    Clearance Level: Must be able to Pass Public Trust Clearance

    Technical and Management Resources, Inc. is an Equal Opportunity Employer and does not discriminate with regard to race, color, religion, sex, age, national origin, disability, or Vietnam veteran status. This policy affirms TMR’s commitment to the principles of fair employment and the elimination of discriminatory practices. We encourage all employees to take advantage of opportunities for promotion as they occur.
