Auto-apply to these security jobs

Software Security Developer SME Job #1020

Clearance: Public Trust or ability to obtain

High-Level Project Summary/Intro:

Dev Technology Group is looking for a Software Security Developer Subject Matter Expert to support both Operations & Maintenance (O&M) and new development efforts for a federal government client. The ideal candidate will have relevant Cybersecurity experience, strong collaboration and communication skills, and the ability to manage complex work activities in a deadline-driven environment. This is a great opportunity to work on mission-critical systems that provide clear value to end users and our federal government clients.

What You'll Be Doing:

The Software Security Developer SME will be responsible for developing software applications, services, and systems (e.g., user-facing and back-end services). Key responsibilities of the Software Security Developer, SME include:

• Managing source code using industry version-control best practices.
• Researching new techniques and technologies to stay current in software development methodologies and tools.
• Utilizing code validation tools to ensure that source code is valid, is properly structured, meets industry standards, is secure, and is compatible with browsers, devices, or operating systems.
• Collaborating with stakeholders to define needs and/or specifications and develop proposed solutions.
• Testing and integrating developed software applications into the operational baseline.
• Performing test-driven development utilizing strong unit testing techniques to include test cases mimicking external interfaces and addressing all browser and device types.
• Modifying or enhancing existing software to correct errors, to adapt it to new hardware, or to upgrade interfaces and improve performance.
• Creating technical models, architectural artifacts, and/or prototypes that include physical, interface, logical, or data models (e.g., model view controller (MVC) programming practices).
• Sharing actionable/valuable information with colleagues and leadership and engaging with community as resident expert.
• Preparing reports and consulting with customers and other stakeholders to advise on technical issues, provide operational support, respond to questions, and offer status updates.
• Developing DevOpsSec (CI/CD) pipelines and incorporating security protocols while deploying infrastructure as code (IaC)
• Supporting security control assessments.
• Identifying opportunities to refine current and/or implement new security processes to continuously improve the program’s overall security posture.
• POA&M resolution support.

Required Education, Experience, and Skills:

• Bachelor’s degree in science, technology, engineering, and math (STEM) field and nine (9) years IT security (Cybersecurity) experience; OR No Bachelor’s Degree with eleven (11) or more years of IT security (Cybersecurity) experience
• Excellent communication skills, both verbal and written
• Agile development experience
• Excellent active listening skills
• Ability to discuss technical issues with non-technical, executive-level government officials

Preferred Education, Experience, and Skills:

Certifications:

• Certified Application Security Engineer (CASE) Certification or Certified Secure Software Lifecycle Professional (CSSLP) Certification.
• Certified Ethical Hacker (CEH) Certification or Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP).
• AWS Certified Solutions Architect Professional or AWS Certified DevOps Engineer Professional.

Experience:

• DevSecOps & CI/CD: GitLab CI, Jira, Jenkins, Docker, Kubernetes, Infrastructure as Code (Terraform, CloudFormation), automated security scans, blue-green deployments,  branching strategy and implementation.
• Cloud-computing: concepts, capabilities, and applications as they relate to storage, processing, and dissemination and overall security.
• Cross-Team Collaboration: Working with multi-disciplinary teams to fulfill stakeholder requirements.
• Security & Compliance: NIST, FISMA, CIS Benchmarks, Zero Trust, FedRAMP, secure code reviews (SAST/DAST), incident response, threat modeling, vulnerability assessment, IDS/IPS (Snort/Suricata)
• Cloud & Virtualization: AWS (GovCloud, EC2, Lambda, ECS, EKS), Azure (VMs, Azure DevOps), container orchestration, microservices hardening
• Programming & Automation: Python, Java, Bash, PowerShell, scripted workflows, data parsing, security tooling
• Data & Analytics: SQL (MySQL, PostgreSQL), NoSQL (MongoDB, DynamoDB), Splunk, ELK Stack, Tableau, real-time logging/monitoring
• Leadership & Collaboration: Resource management, cross-functional coordination, Agile/Scrum methodologies, continuous improvement, mentorship
• Application Programming: Building web application programming interfaces (API) using standards established in NIST SP 800-204.
• Security Controls Assessments: Performing Security Control Assessment in compliance with NIST SP 800- 37, NIST SP 800-53, NIST SP 800-53A, and other NIST 800 guide series quality standards.