CACI is currently looking to hire multiple Software Assurance Professionals that have web application development experience to join the Risk and Accreditation team to support a government clients DAO. We are looking for individuals that have at least 2+ years of experience to SME level. Members of the Software Approval Process (SWAP) review all non-Standard software and analyze results. Prepare reports and recommendations that document test and evaluation results to provide evaluations of program and system vulnerabilities as they relate to the reviewed software. Based upon Key Component request, reviews open source and foreign owned software in order to make a risk determination associated with its use and makes risk acceptance recommendation to the DAO.
- Review and test security configuration baselines for facilities, systems, and processes, and ensure the continuing validity of baselines and Prepare reports and recommendations that document test and evaluation results
- Conduct Software assurance testing using software vulnerability testing tools
- Conduct Foreigner Owned Controlled and Influence assessments
- Conduct Software Approval Open Source assessments
- Conduct NGA developed custom code assessments
- DoD 8570 Certification IAT or IAM Level III within 6 months of hire
- Knowledge in software development using Java, Microsoft .NET (C# or VB) OR C/C++ 5+ years. Knowledge of common build tools (e.g. ant, make, maven, msbuild, etc.).
- Knowledge in developing and/or deploying web applications. Knowledge of software, computer, and network architectures.
- Knowledge and experience in enterprise security or application security. Prior experience working with Federal government organizations (DoD, Civilian agencies).
- Be highly motivated, competitive, entrepreneurial and attracted to challenging opportunities. Have demonstrated the ability to work in a fast-paced environment where organizational skills are essential; have strong problem solving, analytical, interpersonal, and ownership skills.
- Possess excellent collaboration skills with a wide variety of internal team members. Be an intelligent, self-starting, self-confident individual with integrity and accountability. Possess strong written and verbal communication skills as well as presentation skills.
- Knowledge of Mobile application security testing experience a plus.
- Experience using of HPE Fortify or HPE WebInspect or similar tools
- Experience with multiple operating systems is strongly desired.
- CISSP, CSSLP, CISA, CEH, and/or MCSE/MCITP certifications are preferable.
EDUCATION & EXPERIENCE:
Typically requires a bachelor's degree or equivalent and two to 15 years of related experience.
Normal demands associated with an office environment. Ability to work on computer for long periods, and communicate with individuals by telephone, email and face to face. Some travel may be required.