• Lead Security Software Engineer

    Job Locations US-VA-Arlington
    Job ID 2018-3772
    Type
    Regular Full-Time
  • Position Description

    Valiant Solutions is seeking a Lead Software Security Engineer with experience coding and scripting to join our growing team supporting a large Government Agency in Arlington, VA. The successful candidate must possess and be able to demonstrate technical skills and engineering attitude for success, dedication and commitment.

     

    Valiant Solutions is a Cybersecurity company delivering cutting-edge security solutions to our Government clients specializing in Cloud Security, Security Engineering, and Federal GRC.  This is your chance to work with a wide range of security technologies for a company that cares about its employees - Valiant has been named one of the Best Places to Work in the DC area FOUR years in a row! We offer an excellent benefits package (see highlights below) and opportunities for advancement. If you are interested in learning more about Valiant and this opportunity, we invite you to apply now! 

     

    Salary will be based on qualifications and education. All candidates must be US citizens with the ability to successfully pass a Federal background and strict credit check.

     

    Experience Requirements:

    • Hands-on experience working with application security in the realms of smoke testing, error handling, static code analysis, pre-commit hooks, attack mapping, container security, continuous monitoring, authentication, session management and dependency mapping as well as penetration test tooling like Burp Suite, Metasploit and WebInspect
    • Vulnerability Management, Threat Vector Analysis, Intrusion Detection and Prevention, Incident Management and Response, Web Application Security, Risk Assessment and Mitigation Methodologies
    • Proficiency in building and automating efficient and effective scripts from scratch with languages such as Python, Node.js, sh, Perl, etc.
    • Experience applying knowledge of information security concepts and theories through technical and non-technical methods.
    • Solid understanding of cyber security threats, risks, vulnerabilities, and attacks, giving insight into threat actor motives, capabilities, and techniques.
    • Experience with WebInspect, AppScan Source, Fortify, Veracode, Sonatype or Blackduck platform
    • Knowledge of tools and processes used to expose common vulnerabilities and implement countermeasures is expected.

     

    Responsibilities

    •         Apply coding and testing standards, security testing tools, threat modeling and conduct code reviews.
    •         Identify common coding flaws.
    •         Perform integrated quality assurance testing for security functionality and resiliency attacks.
    •         Perform secure programming analysis and identify potential flaws in codes to mitigate vulnerabilities.
    •         Perform penetration testing as required for new or updated applications.
    •         Analyze defense functions (ie: encryption, access control, identity management) to reduce exploitation opportunities
    •         Responsible for developing secure coding guidelines and best practice documentation for custom developed applications as well as ensuring the guidelines are followed.
    •         Conduct assessments using COTS and other tools to ensure coding practices are followed and effective as well as identify risks.
    •         Collaborate with development teams to ensure secure coding best practices are followed
    •         Collaborate with development teams to support remediation of software vulnerabilities
    •         Provide coding guidance to ensure best practices are continually followed and issues addressed.
    •         Conduct assessments of custom applications and related code to identify risks
    •         Perform general security policy development/maintenance and audit compliance support
    •         Security engineer to test, advise and consult on application security for internal and external web systems and applications.
    •         Verify findings as needed with application development team
    •         Perform manual source code review for security vulnerabilities
    •         Write formal security assessment report for each application
    •         Perform bug hunting/penetration testing, threat modeling, risk analysis and thorough reporting to Security, Dev and Ops teams
    •         Identify and remediate XSS, CSRF, SSRF, RCE and other attack surfaces
    •         Demonstrated ability to meet deliverables, timetables, and deadlines.
    •         Knowledge of current and emerging security and information technology standards and practices.
    •         Experience conducting vulnerability assessments and articulating security issues to technical and non-technical audience.
    •         Other activities to ensure performance and the information security program

     

    Skills / Competencies:

    • Understanding of web service technologies such as XML, JSON, SOAP, and REST
    • Thorough understanding of security methodologies and frameworks like SSDLC, MITRE ATT&CK, NIST CSF and OWASP Testing Guide v4
    • Strong coding skills in multiple common languages such as C#, Python, Ruby, Perl, Go, PHP and SQL and working knowledge of network and web related protocols TCP/IP, UDP, IPSEC, HTTP/S and BGP
    • Identify and remediate XSS, CSRF, SSRF, RCE and other attack surfaces
    • Security compliance regimes: NIST, PCI-DSS, ISO 27000, CIS, etc.
    • Background in J2EE, web frameworks, and .NET is a plus
    • Windows and Unix administration
    • Administration of Software Security evaluation tools (E.G. WebInspect, Blackduck, Fortify)

     

    Minimum Requirements

    BS degree & 18 years of experience (10 years specialized)

    OR Master's degree & 15 years of experience (10 years specialized)

     

    About Valiant Solutions:

    Valiant Solutions is a security-focused IT solutions provider with both public and private sector clients nationwide. Named one of the fastest growing privately held companies by Inc. 5000, Washington Technology’s Fast 50, and Washington Business Journal’s Best Places to Work in the D.C. area, Valiant Solutions prides itself on providing its employees with great benefits and career development opportunities. As a company, we are just as committed to growing careers as we are to building world-class IT solutions, all while enjoying an unparalleled work-life balance. We are in a phase of tremendous growth and building the team that will take us to the next level. We seek people whose talents and accomplishments will contribute to a thriving company, who have the character to support their capacity, and can make a positive impact on our culture. Alongside our talented team, you’ll learn to think quickly on your feet and expand your own personal and professional skillset. Our management team will inspire you to consider new perspectives and challenge you to become a better practitioner in the fast-paced industry of IT security. We hire people we respect – and we trust them to deliver results leveraging their expertise. If you would enjoy working in a dynamic environment as part of a stellar team of professionals, then we invite you to apply online today.

     

    Benefits Snapshot (includes, but not limited to):

    Valiant pays 99% of the Medical, Dental, and Vision Coverage for FTE

    Valiant contributes 25% towards Health Coverage for Family and Dependents

    100% Paid Short Term Disability and Life Insurance Policy for FTE

    100% Paid Certifications

    401K Matching up to 4%

    Paid Time On – 40 hours to pursue innovation

    Valiant University – Online Education and Training Portal

    Reimbursement for Public Transit and Parking

    FSA programs for: Medical Costs, Dependent Care, Transit, and Parking

    Referral Bonuses

     

    Equal Opportunity Employer:

    Valiant Solutions is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, ethnicity, color, national origin, sex/gender, pregnancy, religion, age, marital status, sexual orientation, military/veteran status, disability, genetic information/history or any other personal characteristic protected by law.

     

    Physical Demands

    Must be able to remain in a stationary position 50% of the time and also be able to occasionally move about inside the office to access file cabinets, office machinery, etc.

    Must be able to constantly operate a computer and other office productivity machinery, such as a copy machine, and computer printer.

    Must be able to communicate, detect, converse with, discern, convey, express one self, and exchange information visually and verbally.

    Must be able to occasionally bend and lift files and papers up to 10 pounds throughout the office space for events and meetings.

     

    Work Environment:

    Individual's primary workstation is located in an office area

    The noise level in this environment is low to moderate

     

    Authorization to Share Resume and Personal Information:

    By submitting your resume for this position, you authorize Valiant Solutions to share your resume, as well as personal information included on the resume, with its subsidiaries, affiliates and teaming partners for the purpose of considering you for this position and other available positions requiring comparable skills, education and experience. Should Valiant Solutions or its affiliates and teaming partners wish to initiate pre-employment discussions, you will be asked to complete an employment application and related employment documents.

     

    Options

    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed