IndraSoft · 6 hours ago
9129 - Software Vulnerability Technical Lead/Manager
Consumer Electronics, Information Technology
No H1B, U.S. Citizen Only, Security Clearance Required
Responsibilities
Serve as the Technical Lead for Software Vulnerability Management Suite of Tools and daily operations
Serve as a Line Manager for staff supporting Cybersecurity Software Vulnerability Management Suite of Tools (Sonatype, Fortify, WebInspect, Burp, etc), ranging from a staff of 1 to 5 staff members over the life of the contract
Manage, oversee, or directly perform analyst and engineering duties. Provide surge support when the assigned analyst and engineer need it to meet daily operations objectives
Maintain a POA&M inventory of applications
Review POA&M submissions, evaluate compliance, non-compliance, N/As, and false positives and prioritize recommendations for the development team
Conduct security reviews of application scan results
Provide approval or disapproval recommendations for the Application Security Officer
Scan all applications annually as a minimum
Work with solution engineers, developers, and Deployable Technology Team to implement block/divest policy
Ensure applications are scanned prior to release to production
Ensure policies that fail application builds work properly
Ensure authorized access for all AppSec/Software Vulnerability tools
Demonstrate a strong knowledge and understanding of current security threats, techniques, and landscape
Implement any necessary REST APIs in order to provide access to core features for custom implementations, as required to meet the organization’s needs
Support DevSecOps integration
Provide SAST Product suite installation, configuration and tuning
Manage external data feeds integration (Dynamic Application Security Testing, Static Application Security Testing, Open Source Vulnerability Scanner, etc.) into the Security Center
Provide scanning support for over 550 applications, including troubleshooting unsuccessful scans. Applications may increase to upwards of 1000 by contract end
Facilitate and assist with the installation of any accounts, plugins, and software required by the development community
Coordinate with stakeholders to schedule and test AppSec tools’ upgrades and maintenance
Perform patch and vulnerability management across the security suite of tools
Collaborate with Product Owners, developers and engineers to enhance DAST/SAST/CAVM functionality and performance
Customize the implementation of DAST/SAST/CAVM in production and test environments
Understand and apply new policy violations
Maintain schedule and perform scans of web sites using specified tools as directed
Perform AppSec tools daily monitoring
Monitor and process AppSec ticket(s), such as but not limited to account management, application promotions to production, scan requests, inquiries, etc.
Conduct security evaluations of recommended vendor software for the enterprise
Collaborate with AppSec tool suite vendors
Collaborate with leadership to develop metrics based on enterprise situational awareness and monitoring
Provide Central Application Vulnerability Management (CAVM) performance metrics
Track, measure and evaluate application security compliance across the enterprise
Prepare and present weekly presentation status slides
Create and maintain SOPs for Fortify, Sonatype, WebInspect, Burp Suite, and Software Security Center
Facilitate AppSec meetings, and prepare meeting minutes
Qualification
Required
Must be a US citizen and possess a DoD Top Secret clearance; minimum vetting Tier 5 (T5) Single Scope Background Investigation (SSBI)
Active DoD 8570 IAT Level 3 certification for compliance, including at least one of the following certifications in good standing: CASP+ CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH
Computing Environment Certification
Bachelor’s degree and 10+ years of Information Technology or Cybersecurity related experience
5+ years of experience as an application developer
3+ years of experience with management and operations of Static, Dynamic, open source, and web vulnerability scanning; and/or manual review of source code for vulnerabilities.
Experience managing and integrating SAST, DAST, OAST, IAST, and RAST with Central Application Vulnerability Management (CAVM) Solution
Ability to communicate effectively with government and contract leadership, while conveying highly technical concepts to both technical and nontechnical stakeholders
Capacity to thrive in a complex, fast-paced environment with competing demands while delivering consistent, high-quality commitment to mission-critical systems and solutions
Excellent analytic skills, including qualitative and quantitative data analysis to support and defend data-driven decision-making regarding system threats, vulnerabilities, and risk
Knowledge of DoD cybersecurity policies, practices, and requirements
Strong organizational skills
Preferred
DevSecOps knowledge and experience
Hands-on experience in scripting such as PowerShell, Python, or Bash
Understanding of OWASP Top 10
Hands-on experience with Web Application Penetration testing and vulnerability scanning
Experience in an enterprise environment (1500 servers plus 2500 workstations)
Strong technical writing skills
CISSP, CASP, CEH
Company
IndraSoft
Hiring
Funding: Current Stage: Growth Stage (company data provided by crunchbase)