Job title: Junior Software Assurance Engineer
Company: HX5
Job description: Junior Software Assurance Engineer
Engineer Sr Step 2
Schriever SFB
Colorado Springs, ColoradoHX5 is an award-winning provider of engineering, research and development, and technical services to clients such as NASA and the Department of Defense. Founded in 2004, HX5 is a fast-growing veteran- and woman-owned company with locations nationwide.HX5 is currently seeking a Junior Software Assurance Engineer to support the Missile Defense Agency (MDA) on the Integrated Research and Development for Enterprise Solutions (IRES) contract at Schriever Air Force Base in ColoradoEssential Duties and Responsibilities:
- Learn to perform software security audits identifying risks associated with software and provide a comprehensive security
assessment for the MDA IC ISSM. This will include known vulnerabilities published to the National Institute of Standards
and Technology (NIST) National Vulnerability Database (NVD). * Discover and compile a list of dependencies/bill of materials for software being audited.
- Use of various tools to discover vulnerabilities within a software application.
- Use various programming/scripting/query languages to correlate industry best practices for secure software
development. * Identify common security issues including input validation, error and exception handling, logging, access controls, SQL
- Injection, cross-site scripting (XSS), etc. and articulate how to mitigate or reduce their impact.
- Help correlate Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG)
vulnerabilities and other policies with vulnerabilities discovered and documenting them to be consumable by a wide
audience. * Monitor a queue of requests for software security audits.
- Assist with developing reporting metrics for team activities.
- Occasional Interaction with requesters of varied backgrounds to determine use-case scenarios, understand application
architecture and to help determine risk mitigation strategies.The successful candidate will:
- Be able to independently perform all aspects of software code auditing.
- Have the ability to translate technical data into a format understood by individuals form varied backgrounds.
- Be articulate, in both written and verbal communication, able to brief senior Contract and Government leadership.
- Work in a fast-paced, high-pressure, changing environment.
- Be able to use the STIG viewer and identify, understand and apply STIGs required for review of the software.
- Have a strong commitment to a team environment.
- Possess a willingness to learn new technologies.
- Have the ability to de-conflict request/requirements.
Salary Information: This position is expected to pay $69,500 – $94,500 annually; depending on experience, education, and any certifications that are directly related to the position.Education and Experience:
- Must have one of the following combinations of education and experience:
- HS Diploma (or GED) and six (6) years of general experience
- Associate’s degree and four (4) years of general experience
- Bachelor’s degree and two (2) years of general experience
- Master’s degree
- Must have four (4) years of directly related.
- Must be conceptually familiar with databases.
- Must be familiar with at least one programming or scripting language and know the difference between compiled and
interpreted languages. * Must be able to maintain a restricted badge and work on site 3+ days per week.
- Must have a current IAT Level II Certification (Security+ CE) or be able to obtain within 6 months of hire.
Desired Requirements:
- Be able to perform manual code reviews to filter out false positive results for automated code review findings.
- Be familiar with secure programming theory, common software and database security vulnerabilities, and remediation
processes. * Have experience with one/any of the following languages/technologies: .NET, VB, Java, C+, C++, C, JavaScript, Python,PowerShell, Team Foundation Server (TFS), JIRA, Get, Internet Information Service (IIS), Tomcat, Docker, Kubernetes,
SQL Server, Oracle Database, Angular, MVC, HTML, ASP, Bash, and Perl. * Be proficient in using Fortify Source Code Analyzer (SCA).
- Have excellent written, verbal and interpersonal communications skills.
- Have a Microsoft Development certification such as Azure, Foundations, etc.
- Have a familiarity with the MDA and BMDS programs.
Position Type/Expected Hours of Work:This is a full-time position requiring 40 hours per week and offers a flexible work schedule Monday through Friday during core business hours.Other Position Requirements:
- Proof of U.S. Citizenship or US Permanent Residency is a requirement for this position.
- Must be able to complete a U.S. government background investigation.
- Must be able to obtain a Secret clearance.
- Must be able to travel, including air travel.
- Must have a valid Drivers License.
HX5 offers a competitive salary and benefits package to include:
- Medical/Dental/Vision Insurance
- 401(k) plan with Company Match
- Paid Holidays
- Paid Time Off
- Parental Leave
- Life Insurance
- Tuition Reimbursement
- Identity Protection
- Medical and Dependent Care Flexible Spending Accounts
- Commuter/Transit Spending Accounts
- Group Legal Coverage Options
- Pet Insurance
HX5, LLC is an Equal Opportunity Employer that recruits and hires qualified candidates without regard to race, religion, sex, sexual orientation, gender identity, age, national origin, ancestry, citizenship, disability, or veteran status.HX5, LLC is a Drug Free Workplace Employer.ACCESSIBILITY NOTICE:
If you need a reasonable accommodation for any part of the employment process due to a physical or mental disability, please call (850) 362-6551.CJ
Expected salary: $69500 – 94500 per year
Location: Colorado Springs, CO
Job date: Thu, 23 Jan 2025 06:36:46 GMT
Apply for the job now!