Apply on Employer Site

Summit Technologies & Solutions, Inc. · 15 hours ago

Junior Software Engineer

Colorado Springs, CO

Full-time

Onsite

New Grad, Entry Level

$85K/yr - $95K/yr

0+ years exp

Summit Technologies & Solutions, Inc. is seeking a Junior Software Engineer to support the Missile Defense Agency on the Integrated Research and Development for Enterprise Solutions contract. The role involves performing software security audits, identifying vulnerabilities, and assisting with risk mitigation strategies.

Information TechnologyManagement ConsultingProfessional Services

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Learn to perform software security audits identifying risks associated with software and provide a comprehensive security assessment for the MDA IC ISSM. This will include known vulnerabilities published to the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD)

Discover and compile a list of dependencies/bill of materials for software being audited

Use a variety of tools to discover vulnerabilities within a software application

Use various programming/scripting/query languages to correlate industry best practices for secure software development

Identify common security issues including input validation, error and exception handling, logging, access controls, SQL Injection, cross-site scripting (XSS), etc. and articulate how to mitigate or reduce their impact

Help correlate Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG) vulnerabilities and other policies with vulnerabilities discovered and documenting them to be consumable by a wide audience

Monitor a queue of requests for software security audits

Assist with developing reporting metrics for team activities

Occasional Interaction with requesters of varied backgrounds to determine use-case scenarios, understand application architecture and to help determine risk mitigation strategies

Qualification

Software security auditsIAT Level II CertificationProgramming languagesFortify Source Code AnalyzerSecure programming theoryDatabasesMicrosoft Development certificationTeam environmentWillingness to learnCommunication skills

Required

Must have 6, or more, months of IT related experience

Must be conceptually familiar with databases

Must be familiar with at least one programming or scripting language and know the difference between compiled and interpreted languages

Must be able to maintain a restricted badge and work on site 4+ days per week

Must have a current IAT Level II Certification (Security+ CE) or be able to obtain within 6 months of hire

Must have, or obtain, an active DoD Secret Clearance

Be able to perform manual code reviews to filter out false positive results for automated code review findings

Be familiar with secure programming theory, common software and database security vulnerabilities, and remediation processes

Have experience with one/any of the following languages/technologies: .NET, VB, Java, C+, C++, C, JavaScript, Python, PowerShell, Team Foundation Server (TFS), JIRA, Get, Internet Information Service (IIS), Tomcat, Docker, Kubernetes, SQL Server, Oracle Database, Angular, MVC, HTML, ASP, Bash, and Perl

Be proficient in using Fortify Source Code Analyzer (SCA)

Have excellent written, verbal and interpersonal communications skills

Have a Microsoft Development certification such as Azure, Foundations, etc

Have a familiarity with the MDA and BMDS programs