Sr. Software Assurance Engineer/STIG/RMF/Secure Coding/SCA/RedHat
Job ID: 463199BR Date posted: Dec. 18, City: Manassas State: Virginia Program: ACINT
Description: This position is for a Cybersecurity Professional in the Rotary & Mission Systems Engineering and Technical organization, located in Manassas, VA. The Cybersecurity Professional will participate in designing, developing, and implementing security controls to preserve the confidentiality, integrity and availability of information systems. Play a key role in a dynamic environment integrating security configuration procedures and tools on Linux platforms.
This includes security life cycle support such as:
• Vulnerability management including patch management using Cybersecurity tools
• Source Code Analysis
• Assessment and Authorization including selecting/implementing security controls
• Documentation Review
• Cyber Security testing, evaluation, and reporting
• Platform hardening
Collaboration with the Cybersecurity team and other key stakeholders such as the customer, program management, integrators and testers on the platform security will be required to improve the overall security posture. Identify technological and functional risks inherent in system functionality, system exposure, and data sensitivity to determine the required security controls. Adhere to IT security guidance specific to the systems in support of DoD mandates and system missions.
Understanding of secure coding best practices and approaches to applying defensive security techniques. Provide security engineering leadership and expertise in assisting with the development and delivery of security documentation packages consistent with federal requirements, specifically the DOD 8500 series, NIST SP 800-53 and ICD 503. Support assessment and authorization activities with various government authorities and Security Control Assessor (SCA) required system accreditations. Participate in architecture, design and code reviews and provide secure coding guidance and input to the software development team.
Perform Static Code Analysis (SCA) on the software code base and work collaboratively with software developers to remedy any code that reflects a weak security posture or deviates from secure coding best practices.
1. Must be eligible for US Security Clearance - Secret to start.
2. DoD 8570 certification IAT Level I or II.
3. Experience in RedHat Linux as a competent user (i.e., knowledgeable of some UNIX admin commands and functions).
5. Experienced in Vulnerability Scanning, Vulnerability Remediation, and Secure Configurations support (i.e. DISA STIGs and SRGs)
6. Ability to apply formal cybersecurity methods, develop hypotheses, prove/disprove relationships, always ask why, and defend your analysis. Experience supporting security in classified environments.
1. Experience with one or more of the following: Kali, Samurai Web Testing Framework, or the Penetration Testing Framework suite of tooling.
2. Experience with or knowledge of the Risk Management Framework (RMF) to include DOD Authorization and Accreditation Process methods and vulnerability management.
3. Experience using automated Static Code Analysis (SCA) tools along with manual code review.
4. Knowledge of Database Management System (DBMS) and SQL (i.e. relational database experience such as Postgres, MySQL, Enterprise DB, etc.).
5. Knowledge of Web Servers / Services (i.e. Apache and Tomcat), Ozone Widget Framework (OWF), and web applications.
6. Familiarity with using Bash to produce hardening scripts
7. Experience with cybersecurity tooling such as ThreadFix, Burp Suite, Arachni, Nessus/ACAS, and SCC SCAP.
8. DoD 8570 certification IAT Level III such as CISSP certification or the pursuit thereof is a plus.
9. Experience creating security metrics
Lockheed Martin is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status. Join us at Lockheed Martin, where your mission is ours. Our customers tackle the hardest missions. Those that demand extraordinary amounts of courage, resilience and precision. They’re dangerous. Critical. Sometimes they even provide an opportunity to change the world and save lives. Those are the missions we care about.
As a leading technology innovation company, Lockheed Martin’s vast team works with partners around the world to bring proven performance to our customers’ toughest challenges. Lockheed Martin has employees based in many states throughout the U.S., and Internationally, with business locations in many nations and territories.
Experience Level: Experienced Professional
Business Unit: ESS6500 RMS
Relocation Available: Possible
Career Area: Information Security/Information Assurance
Clearance Level: Secret
Type: Full-Time
Virtual Location: no
Work Schedule: TEMPO: 9X80A - Standard Fri to Fri (Flex & Rigid)
Shift: First