The Software Security Developer works as a member of the development team to build applications, services, and systems (e.g., user-facing and back-end services) with a focus on security control design, development, techniques, and validation/verification. This includes researching new techniques and technologies to stay current in software development methodologies and tools specific to providing secure applications. They participate in all development, testing, deployment, and support activities. Additionally, they provide specific security expertise, mentoring the development team and participating in development of application security components. They mentor the testing team and help conduct testing focused on all security aspects of the application.
The projected compensation range for this position is $130,000-$160,000 (annualized USD). The final salary offered will generally fall within this range and is determined by various factors, including but not limited to the individual’s particular combination of education, knowledge, skills, competencies, and experience, as well as internal pay equity, location, contract-specific affordability and other organizational requirements.
Required Skills
- Minimum 9 years IT security (Cybersecurity) experience with Bachelor’s degree in science, technology, engineering, and math (STEM)
- Experience can be considered in lieu of degree
- Experience applying software security techniques, controls, and best practices to mitigate risk against malicious attacks and ensure continued operations
- At least one of the non-AWS certifications listed under Desirable Skills
Desirable Skills
- Certified Application Security Engineer (CASE) Certification or Certified Secure Software Lifecycle Professional (CSSLP) Certification
- Certified Ethical Hacker (CEH) Certification or Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP)
- AWS Certified Solutions Architect Professional or AWS Certified DevOps Engineer Professional
- Experience with DevOpsSec pipeline tools including configuration management, requirements (e.g., JIRA), automated testing, automated deployments, blue-green deployments, and branching strategy and implementation
- Experience in cloud computing including concepts, capabilities, and applications as they relate to storage, processing, dissemination, and overall security
- Experience with Java, Python, and JavaScript to build complex software applications
- Experience with agile development methodologies and multi-disciplinary teams
- Experience building web APIs using standards established in NIST SP 800-204
- Demonstrated experience with software development lifecycle (SDLC)
- Demonstrated expertise in developing and managing governance policy (i.e., software development standards, best practices in building and maintaining software)
- Experience with Security Control Assessments with NIST SP 800-37, NIST SP 800-53, NIST SP 800-53A, and other NIST 800 guide series