9129 - Software Vulnerability Technical Lead/Manager @ IndraSoft | Jobright.ai
JOBSarrow
RecommendedLiked
0
Applied
0
External
0
9129 - Software Vulnerability Technical Lead/Manager jobs in Yorktown, VA
Be an early applicantLess than 25 applicants
company-logo

IndraSoft · 1 day ago

9129 - Software Vulnerability Technical Lead/Manager

ftfMaximize your interview chances
Consumer ElectronicsInformation Technology
badNo H1BnoteU.S. Citizen OnlynoteSecurity Clearance Requirednote

Insider Connection @IndraSoft

Discover valuable connections within the company who might provide insights and potential referrals.
Get 3x more responses when you reach out via email instead of LinkedIn.

Responsibilities

Serve as the Technical Lead for Software Vulnerability Management Suite of Tools and daily operations
Serve as a Line Manager for staff supporting Cybersecurity Software Vulnerability Management Suite of Tools (Sonatype, Fortify, WebInspect, Burp, etc), ranging from a staff of 1 to 5 staff members over the life of the contract
Manage/oversee and or directly perform analyst and engineering duties. Provide surge support when the assigned analyst and engineer need to meet daily operations objectives
Maintain a POA&M inventory of applications
Review POA&M submissions, evaluate compliance, non-compliance, N/As, and false positives and prioritize recommendations for the development team
Conduct security reviews of application scan results
Provide approval or disapproval recommends for the Application Security Officer
Scan all applications annually as a minimum
Work with solution engineers, developers, and Deployable Technology Team to implement block/divest policy
Ensure applications scans prior to release to production
Ensure policies failing application build work properly
Ensure authorized access for all AppSec/Software Vulnerability tools
Demonstrate a strong knowledge and understanding of current security threats, techniques, and landscape
Implement any necessary REST APIs in order to provide access to core features for custom implementations as require in order to meet organization’s needs
Support DevSecOPS integration
Provide SAST Product suite installation, configuration and tuning
Manage external data feeds integration (Dynamic Application Security Testing, Static Application Security Testing, Open Source Vulnerability Scanner, etc.) into the Security Center
Providing scanning support for over 550 applications, to include troubleshooting unsuccessful scans. Applications may increase upwards to 1000 by contract end
Facilitate and assist with the installation of any accounts, plugins, and software required by the development community
Coordinate with stakeholders to schedule and test AppSec tools’ upgrades and maintenance
Perform patch and vulnerability management across the security suite of tools
Collaborate with Product Owners, developers and engineers to enhance DAST/SAST/CAVM functionality and performance
Customize the implementation of DAST/SAST/CAVM in production and test environments
Understand and apply new policy violations
Maintain schedule and perform scans of web sites using specified tools as directed
Perform AppSec tools daily monitoring
Monitor and process AppSec ticket(s), such as but not limited to account management, application promotions to production, scan requests, inquiries, etc.
Conduct security evaluations of recommended vendor software for the enterprise
Collaborate with AppSec tool suite vendors
Collaborate with leadership to develop metrics based on enterprise situational awareness and monitoring
Provide Central Application Vulnerability Management (CAVM) performance metrics
Track, measure and evaluate application security compliance across the enterprise
Prepare and present weekly presentation status slides
Create and maintain SOPs for Fortify, Sonatype, WebInspect, Burp Suite, and Software Security Center
Facilitate AppSec meetings, and prepare meeting minutes

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

DoD 8570 IAT Level 3 certificationApplication developmentStatic vulnerability scanningDynamic vulnerability scanningOpen source vulnerability scanningWeb vulnerability scanningCASP+ CECCNP SecurityCISACISSPGCEDGCIHComputing Environment CertificationSASTDASTOASTIASTRASTCentral Application Vulnerability ManagementDoD cybersecurity policiesDevSecOps knowledgePowerShellPythonBashOWASP Top 10Web Application Penetration testingCASPCEHEnterprise environment experienceTechnical writing skills

Required

Must be a US citizen, possess a DoD Top Secret clearance: Minimum vetting Tier 5(T5)-Single Scope Background Investigation (SSBI)
Active DoD 8570 IAT Level 3 certification for compliance, including at least one of the following certifications in good standing: CASP+ CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH
Computing Environment Certification
Bachelor’s degree and 10+ years of Information Technology or Cybersecurity related experience
5+ years of experience as an application developer
3+ years of experience with management and operations of Static, Dynamic, open source, and web vulnerability scanning; and/or manual review of source code for vulnerabilities.
Experience managing and integrating SAST, DAST, OAST, IAST, and RAST with Central Application Vulnerability Management (CAVM) Solution
Ability to communicate effectively with government and contract leadership, while conveying highly technical concepts to both technical and nontechnical stakeholders
Capacity to thrive in a complex, fast paced environment with competing demands while delivering consistent, high-quality commitment to mission-critical systems and solutions
Excellent analytic skills, including qualitative and quantitative data analysis to support and defend data-driven decision-making regarding system threats, vulnerabilities, and risk
Knowledge of DoD cybersecurity policies, practices, and requirements
Strong organizational skills

Preferred

DevSecOps knowledge and experience
Hands-on experience in scripting such as PowerShell, Python, or Bash
Understanding of OWASP Top 10
Hands-on experience with Web Application Penetration testing and vulnerability scanning
Experience in an enterprise environment (1500 servers plus 2500 workstations)
Strong technical writing skills
CISSP, CASP, CEH

Company

IndraSoft

twittertwittertwitter
company-logo
Hiring

Funding

Current Stage
Growth Stage
Company data provided by crunchbase
logo

Orion

Your AI Copilot