Software Security Analyst

TrellisWare launched in 2000 with an innovative culture striving to push technological boundaries in the area of wireless communications. We are now a worldwide leader in highly advanced algorithms, waveforms, and communications systems that range from small form factor radio products to fully integrated solutions.

At TrellisWare, we connect passion with purpose and together we make an impact- on our careers, our company, and the world. And you can too. If you love to innovate and collaborate in a dynamic environment where boundaries are being pushed, you belong at TrellisWare. Where the opportunity to serve is not a challenge but a gift. Where you’re never going alone. Because there’s too much at stake to go solo.

Our Radio Products Team is seeking a hybrid Software Security Analyst. You would be a member of the Cyber Security Team working on next generation self-networking hand-held software defined radios and associated companion products for domestic and foreign defense forces. Specifically, you are responsible for evaluating to ensure that TrellisWare software radio products are designed and implemented with security as a core requirement utilizing defensive radio product security measures. The Software Security Analyst is expected to perform vulnerability assessment and penetration testing, threat modeling, incident response, ensure regulator compliance and policy enforcement while building trust with the end customer.

A typical day might start with you working in your personal office researching emerging threats, and hacking techniques.  It could move into one of our many state-of-the-art labs with your teammates to conduct a vulnerability assessment and risk analysis. Enhancing cohesiveness and maintaining team morale is a responsibility of all our team members, as is the ambition for self-improvement and talent development. Through this dedication to unity and professional advancement, each team member is directly impacting the successful outcome of TrellisWare’s deliverables and setting the tone for our core values of delivering excellence, pushing boundaries, and empowering people.

The essential duties and responsibilities include:

• Conduct software product security assessments and vulnerability testing.
  • Regular scanning and penetration testing.
  • Threat analysis.
  • Static and dynamic analysis and security testing.
  • Maintain currency of evolving security threats, technologies, and regulatory changes.
• Analyze and review functional system design specifications, and ensure security policy compliance.
  • Participate in software system architectural and component design reviews .
  • Reverse engineer software components for hidden bugs or malicious code.
• Evaluate and ensure secure COMSEC key and certificate distribution, authentication, and assignment.
• Investigate security related incidents.
  • Determine root cause and verify mitigation updates.
• Document and present product security compliance using standard professional practices and corporate defined engineering processes.
  • FIPS 140 compliance.
  • NIST STIG compliance.
• Develop relationships with team members built on trust and respect.

Education and work experience requirements are:

• Bachelor’s degree in Computer Science, Cybersecurity, or Information Technology or related field of study required.
• Minimum of 5 years’ industry experience with at least three years in software development and at least two years in auditing and vulnerability testing.
• Proficiency with Python, C/C++ and an understanding of operating systems, and network protocols.
• Experience performing penetration testing (ethical hacking) and security scans.
• At least one certification: CompTIA Security+, CISSP, OSCP, or SANS/GIAC.

To be considered for this position, you would need to meet, at a minimum, the knowledge, skills, and abilities listed here:

• Experience with the full software development life cycle, including system design, threat modeling, and secure code implementation.
• Familiarity with encryption devices and secure key management required.
• Familiarity with embedded software defined tactical radio security required.
• Experience with threat modeling, secure coding practices, and identification of software vulnerabilities.
• Experience with cybersecurity scanning tools; Nessus, Qualys VMDR, Trivy, or Rapid7.
• Experience with NIST, ISO 27001, CIS Controls or OWASP.
• C++, Python, or Java.
• Distributed revision control systems (GitHub).
• You can think on your feet - you are analytical, pay attention to detail and are able to communicate your thought process both written and verbally.
• You are able, and enjoy working independently as well as in a team environment.
• Strong collaborative drive and interpersonal skills.
• Strong initiative, proactive work ethic and prioritization skills.
• Trustable judgement and analytical problem-solving skills.
• Effective execution and decision making.
• Champion of change and promotes innovation.
• Strong written and verbal communication skills.

The physical demands described here represent those that must be met in order to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable those with qualified disabilities.

• Able to frequently sit, stand, walk, use hands to fingers, handle or feel, reach within hands and arm’s length, stoop, kneel, and crouch, talk and hear.
• Regularly required to sit for extended periods of time; frequently required to use office equipment such as PC, printer, telephone, etc.
• Able to regularly lift and/or move up to 10 pounds, frequently lift and/or move up to 25 pounds, and occasionally lift and/or move up to 50 pounds.
• Specific vision abilities required by this job include close vision, distance vision, color vision, peripheral vision, depth perception, and ability to adjust focus.

Additional requirements are:

• U.S. Citizenship.

Note: Many of TrellisWare's positions require a security clearance or the ability to obtain one. Security clearances may only be granted to U.S. citizens. In addition, applicants who accept a conditional offer of employment may be subject to government security investigation(s) and must meet eligibility requirements for access to classified information.

Disclaimer – The above statements are not intended to be an exhaustive list of all responsibilities, duties and skills required of personnel so classified. Nothing in the job description restricts the company's right to change, assign, or reassign duties and responsibilities at any time for any reason.

*TrellisWare Technologies, Inc. is an EEO/AA/Disability/Vets Employer.*

Check out the Careers page for more information about working at TrellisWare Technologies.