Software Vulnerability Technical Lead/Manager
Listed on 2026-01-16
9129 - Software Vulnerability Technical Lead/Manager
Job Category: Information Technology
Requisition Number: 7047I003507
Posted: August 30, 2021 - Full-Time
Job Req Title: Software Vulnerability Technical Lead/Manager
Indra Soft, Inc. is seeking a highly qualified Subject Matter Expert (SME) level Software Vulnerability Technical Lead/Manager with an active Top Secret clearance to support our DoD client, located in Seaside, CA. The selected, highly motivated candidate will manage the daily operations of Software Vulnerability analyst and engineering duties. The Lead/Manager will directly perform as both an analyst and an engineer during surge and deadline time frames.
The successful candidate will leverage demonstrated application development experience, coupled with proven subject matter expertise in Static, Dynamic, open source, and web vulnerability scanning to support DoD cybersecurity requirements and objectives.
Qualifications
Required:
- Must be a US citizen and possess a DoD Top Secret clearance: minimum vetting Tier 5 (T5) - Single Scope Background Investigation (SSBI)
- Active DoD 8570 IAT Level 3 certification for compliance, including at least one of the following certifications in good standing: CASP+ CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH
- Computing Environment Certification
- Bachelor’s degree and 10+ years of Information Technology or Cybersecurity related experience
- 5+ years of experience as an application developer
- 3+ years of experience with management and operations of Static, Dynamic, open source, and web vulnerability scanning; and/or manual review of source code for vulnerabilities.
- Experience managing and integrating SAST, DAST, OAST, IAST, and RAST with Central Application Vulnerability Management (CAVM) Solution
- Ability to communicate effectively with government and contract leadership, while conveying highly technical concepts to both technical and nontechnical stakeholders
- Capacity to thrive in a complex, fast-paced environment with competing demands while delivering consistent, high-quality commitment to mission-critical systems and solutions
- Excellent analytic skills, including qualitative and quantitative data analysis to support and defend data-driven decision-making regarding system threats, vulnerabilities, and risk
- Knowledge of DoD cybersecurity policies, practices, and requirements
- Strong organizational skills
Qualifications Desired:
- DevSecOps knowledge and experience
- Hands-on experience in scripting such as PowerShell, Python, or Bash
- Understanding of OWASP Top 10
- Hands-on experience with Web Application Penetration testing and vulnerability scanning
- Experience in an enterprise environment (1500 servers plus 2500 workstations)
- Strong technical writing skills
- CISSP, CASP, CEH
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required.
Essential Functions and Responsibilities:
- Serve as the Technical Lead for Software Vulnerability Management Suite of Tools and daily operations
- Serve as a Line Manager for staff supporting Cybersecurity Software Vulnerability Management Suite of Tools (Sonatype, Fortify, WebInspect, Burp, etc.), ranging from a staff of 1 to 5 staff members over the life of the contract
- Manage/oversee and/or directly perform analyst and engineering duties. Provide surge support when the assigned analyst and engineer need to meet daily operations objectives
- Analyst Functions
- POA&Ms
- Maintain a POA&M inventory of applications
- Review POA&M submissions, evaluate compliance, non-compliance, N/As, and false positives and prioritize recommendations for the development team
- Conduct security reviews of application scan results
- Provide approval or disapproval recommendations for the Application Security Officer
- Scan all applications annually as a minimum
- Work with solution engineers, developers, and Deployable Technology Team to implement block/divest policy
- Ensure applications are scanned prior to release to production
- Ensure policies that fail application builds work properly
- Ensure authorized access for all App…