Secure Software Assessor
Springfield, VA 
Posted 21 days ago
Job Description
Secure Software Assessor
Job Locations: US-VA-Springfield
ID: 2023-3778 | Category: Defense | Type: Full Time
Overview

Amyx is seeking to hire a Secure Software Assessor-Intermediate to support our Cybersecurity Division/NGA Defender in the NCE-Springfield, VA area. The assessor analyzes the security of new or existing computer applications, software, or specialized utility programs and provides actionable results.

Responsibilities
  • Apply coding and testing standards, apply security testing tools including fuzzing and static-analysis code scanning tools, and conduct code reviews.
  • Apply secure code documentation.
  • Capture security controls used during the requirements phase to integrate security within the process, to identify key security objectives, and to maximize software security while minimizing disruption to plans and schedules.
  • Develop threat model based on customer interviews and requirements.
  • Consult with engineering staff to evaluate interface between hardware and software.
  • Evaluate factors such as reporting formats required, cost constraints, and need for security restrictions to determine hardware configuration.
  • Identify basic common coding flaws at a high level.
  • Identify security implications and apply methodologies within centralized and decentralized environments across the enterprise's computer systems in software development.
  • Identify security issues around steady state operation and management of software and incorporate security measures that must be taken when a product reaches its end of life.
  • Perform integrated quality assurance testing for security functionality and resiliency attack.
  • Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
  • Address security implications in the software acceptance phase including completion criteria, risk acceptance and documentation, common criteria, and methods of independent testing.
  • Store, retrieve, and manipulate data for analysis of system capabilities and requirements.
  • Translate security requirements into application design elements including documenting the elements of the software attack surfaces, conducting threat modeling, and defining any specific security criteria.
  • Perform penetration testing as required for new or updated applications.
  • Consult with customers about software system design and maintenance.
  • Direct software programming and development of documentation.
  • Supervise and assign work to programmers, designers, technologists and technicians, and other engineering and scientific personnel.
  • Analyze and provide information to stakeholders that will support the development of security application or modification of an existing security application.
  • Analyze security needs and software requirements to determine feasibility of design within time and cost constraints and security mandates.
  • Conduct trial runs of programs and software applications to ensure that the desired information is produced and instructions and security levels are correct.
  • Develop secure software testing and validation procedures.
  • Develop system testing and validation procedures, programming, and documentation.
  • Perform secure program testing, review, and/or assessment to identify potential flaws in codes and mitigate vulnerabilities.
  • Determine and document software patches or the extent of releases that would leave software vulnerable.

Microsoft Office Suites; SharePoint; ServiceNow, Xacta, Archer

Qualifications

Required:

  • Bachelor's degree or higher from an accredited college or university (recommended: an accredited Computer Science, Cyber Security, Information Technology, Software Engineering, Information Systems, or Computer Engineering degree, or a degree in a Mathematics or Engineering field).
  • Clearance: TS/SCI
  • 8140 Certification: CSSLP
  • Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.
  • Skill in designing countermeasures to identified security risks.
  • Skill in developing and applying security system access controls.
  • Skill in discerning the protection needs (i.e., security controls) of information systems and networks.
  • Skill in integrating black box security testing tools into quality assurance process of software releases.
  • Skill in secure test plan design (e.g., unit, integration, system, acceptance).
  • Skill in using Public-Key Infrastructure (PKI) encryption and digital signature capabilities in applications (e.g., S/MIME email, SSL traffic).
  • Skill in using code analysis tools.
  • Skill in performing root cause analysis.
  • Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • Ability to use and understand complex mathematical concepts (e.g., discrete math).
  • Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • Ability to identify critical infrastructure systems with information communication technology that were designed without system security considerations.

Benefits include:

      • Medical, Dental, and Vision Plans (PPO & HSA options available)
      • Flexible Spending Accounts (Health Care & Dependent Care FSA)
      • Health Savings Account (HSA)
      • 401(k) with matching contributions
      • Roth
      • Qualified Transportation Expense with matching contributions
      • Short Term Disability
      • Long Term Disability
      • Life and Accidental Death & Dismemberment
      • Basic & Voluntary Life Insurance
      • Wellness Program
      • PTO
      • 11 Holidays
      • Professional Development Reimbursement

Please contact talent@amyx.com with any questions!

Amyx is an Equal Opportunity employer. Amyx is committed to providing equal employment opportunity to all job seekers. Every qualified applicant receives focused consideration for employment and no one is discriminated against on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status. In addition to federal law requirements, Amyx complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training. Equal Opportunity Employer- Minorities/Females/Veterans/Individuals with Disabilities/Sexual Orientation/Gender Identity. Amyx is an E-Verify employer.

Amyx proudly and proactively takes affirmative action to advance employment of individuals who are minorities, women, protected veterans and individuals with disabilities.


Physical Demands

Employee needs to be able to sit at a workstation for extended periods; use hand(s) to handle or feel objects, tools, or controls; reach with hands and arms; talk and hear. Most positions require ability to work on desktop or laptop computer for extended periods of time reading, reviewing/analyzing information, and providing recommendations, summaries and/or reports in written format. Must be able to effectively communicate with others verbally and in writing. Employee may be required to occasionally lift and/or move moderate amounts of weight, typically less than 20 pounds. Regular and predictable attendance is essential.


Amyx is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law. EOE Minority/Female/Veteran/Disabled. Amyx is an E-Verify employer.

 

Job Summary
Company
Start Date: As soon as possible
Employment Term and Type: Regular, Full Time
Required Education: Bachelor's Degree
Required Experience: Open