The Software Security Developer works as a member of the development team to build applications, services, and systems (e.g., user-facing and back-end services) with a focus on security control design, development, techniques, and validation/verification. This includes researching new techniques and technologies to stay current in software development methodologies and tools specific to providing secure applications. They participate in all development, testing, deployment, and support activities. Additionally, they provide specific security expertise, mentoring the development team and participating in development of application security components. They mentor the testing team and help conduct testing focused on all security aspects of the application.
Required Skills
Minimum 9 years IT security (Cybersecurity) experience with Bachelor’s degree in science, technology, engineering, and math (STEM)
Experience can be considered in lieu of degree
Experience applying software security techniques, controls, and best practices to mitigate risk against malicious attacks and ensure continued operations
At least one of the non-AWS certifications listed under Desirable Skills
Desirable Skills
Certified Application Security Engineer (CASE) Certification or Certified Secure Software Lifecycle Professional (CSSLP) Certification
Certified Ethical Hacker (CEH) Certification or Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP)
AWS Certified Solutions Architect Professional or AWS Certified DevOps Engineer Professional
Experience with DevOpsSec pipeline tools including configuration management, requirements (e.g., JIRA), automated testing, automated deployments, blue-green deployments, and branching strategy and implementation
Experience in cloud computing including concepts, capabilities, and applications as they relate to storage, processing, dissemination, and overall security
Experience with Java, Python, and JavaScript to build complex software applications
Experience with agile development methodologies and multi-disciplinary teams
Experience building web APIs using standards established in NIST SP 800-204
Demonstrated experience with software development lifecycle (SDLC)
Demonstrated expertise in developing and managing governance policy (i.e., software development standards, best practices in building and maintaining software)
Experience with Security Control Assessments with NIST SP 800-37, NIST SP 800-53, NIST SP 800-53A, and other NIST 800 guide series
US citizen preferred