Apply Now    

Software Assurance Engineer

Req #: 201009
Location: St. Louis, MO US
Job Category: Information Technology
Security Clearance: TS/SCI
Clearance Status: Must Be Current

Job Description

What You’ll Get to Do:

As a member of the Software approval process (SWAP), you will review all non-Standard software and analyze results. You will prepare reports and recommendations that document test and evaluation results to provide evaluations of program and system vulnerabilities as they relate to the reviewed software.  Based upon Key Component request, you will review open source and foreign owned software to make a risk determination associated with its use and will make risk acceptance recommendation to the DAO. 


More About the Role:

  • Review and test security configuration baselines for facilities, systems, and processes, and ensure the continuing validity of baselines
  • Prepare reports and recommendations that document test and evaluation results
  • Conduct Software assurance testing using software vulnerability testing tools
  • Conduct Foreigner Owned Controlled and Influence assessments
  • Conduct Software Approval Open Source assessments
  • Conduct NGA developed custom code assessments
  • Conduct source-code analysis or research to identify whether software contains vulnerabilities or is foreign owned, controlled, or influenced
  • Supports Secure Code Review efforts to enable the analysis of custom applications and software used by NGA
  • Determine the risk of using commercial, government, and open source software within Agency
  • Investigate the software’s provenance and history of use within Agency
  • Categorize software based on potential risk indicators
  • Coordinate with internal and external Offices of Primary Responsibility (e.g., Counter-Intelligence) to determine risks related to foreign owned, controlled, or influenced software
  • Identify vulnerabilities and verify that vulnerabilities are mitigated
  • Provide input for generating Memorandum of Approvals using the SWAP tool
  • Consult with SWAP tool developers to provide user stories, participate in planning meetings and demonstrations to enable adjustments to the SWAP tool
  • Analyze problem reports and identify corrective actions to remediate security issues in code prior to the software transitioning from development to operations
  • Recommend new code analysis tools and innovative techniques to strengthen software assurance processes.   
  • Provide Information System Owner’s guidance on effective implementation of NGA software code analysis tool(s) during the SDLC to include:
    • Plan scanning resource requirements
    • Specify what source code will be evaluated
    • Integrate scans within software build processes.
    • Provide subject matter expertise for integrating software code analysis within NGA DevOps environments
    • Integrate code analysis tools with DevOps software development and test tools and processes
    • Update and maintain code analysis tools in NGA’s DevOps environments
    • Develop processes for analyzing scan reports within the DevOps cadence

You’ll Bring These Qualifications:

  • Must have DoD 8570 Certification IAT or IAM Level III or within 6 months of hire
  • Typically has a University Degree (BA/BS) or equivalent experience and minimum 10 years of related work experience.
  • 5+ years in software development using Java, Microsoft .NET (C# or VB) OR C/C++
  • Knowledge of common build tools (e.g. ant, make, maven, msbuild, etc.)
  • Knowledge in developing and/or deploying web applications
  • Knowledge of software, computer, and network architectures
  • Knowledge and experience in enterprise security or application security
  • Be highly motivated, competitive, entrepreneurial and attracted to challenging opportunities
  • Have demonstrated the ability to work in a fast-paced environment where organizational skills are essential; have strong problem solving, analytical, interpersonal, and ownership skills
  • Possess excellent collaboration skills with a wide variety of internal team members
  • Be an intelligent, self-starting, self-confident individual with integrity and accountability
  • Possess strong written and verbal communication skills as well as presentation skills

These Qualifications Would be Nice to Have:

  • Knowledge of Mobile application security testing experience a plus
  • Experience with multiple operating systems is strongly desired
  • CISSP, CSSLP, CISA, CEH, and/or MCSE/MCITP certifications are preferable



What We Can Offer You:

- We’ve been named a Best Place to Work by the Washington Post.

- Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives.

- We offer competitive benefits and learning and development opportunities.

- We are mission-oriented and ever vigilant in aligning our solutions with the nation’s highest priorities.

- For over 55 years, the principles of CACI’s unique, character-based culture have been the driving force behind our success.

 

Job Location

US-St. Louis-MO-ST LOUIS


 

CACI employs a diverse range of talent to create an environment that fuels innovation and fosters continuous improvement and success. At CACI, you will have the opportunity to make an immediate impact by providing information solutions and services in support of national security missions and government transformation for Intelligence, Defense, and Federal Civilian customers. CACI is proud to provide dynamic careers for employees worldwide. CACI is an Equal Opportunity Employer - Females/Minorities/Protected Veterans/Individuals with Disabilities.

Apply Now    
Link for schema