Software Assurance Engineer


Agile Defense

πŸ“Remote - United States

Job highlights

Summary

Join Agile Defense as a Software Assurance Engineer and contribute to securing critical US government systems. This remote position, based in Alexandria, VA, requires an Active DoD Public Trust clearance and relevant certifications (CISSP or equivalent, GCSA). You will perform white-box testing, code reviews, security architecture assessments, and vulnerability analysis on sensitive systems. The role demands strong technical skills, experience with various security tools, and excellent communication abilities. Agile Defense fosters a positive and supportive work environment, valuing its employees and promoting a culture of collaboration and continuous improvement.

Requirements

  • Possess CISSP (or equivalent), GCSA or possess a willingness to pursue certifications after hire
  • Have a Bachelor's degree/University degree or equivalent experience
  • Have 1+ years of relevant experience with most of the requirements below
  • Have experience with Security Architecture reviews
  • Have experience with DevSecOps CI/CD pipeline standards and best practices
  • Have experience with Application Programming Interface (API) development and testing
  • Have extensive experience working with White-Box testing methodologies and techniques
  • Have experience with Static Application Security Testing tools, e.g., SonarQube, Veracode, Fortify
  • Have experience with Dynamic Application Security Testing tools, e.g., OpenText Fortify WebInspect, Veracode, Invicti
  • Have experience leveraging the MITRE ATT&CK Framework
  • Have experience with Vulnerability Assessment tools, e.g., Nessus, Qualys, Rapid7
  • Have experience with Exploitation frameworks, e.g., Metasploit, CANVAS, Core Impact
  • Have a deep understanding of the OSI model
  • Have knowledge of Security devices, i.e., Firewalls, VPN, AAA systems
  • Have knowledge of OS Security, e.g., Unix/Linux, Windows, OSX
  • Have an understanding of common protocols, e.g., HTTP, LDAP, SMTP, DNS
  • Have knowledge of Web application infrastructure, e.g., Application Servers, Web Servers, Databases
  • Demonstrate the ability to collaborate with a variety of analytical groups and service delivery organizations
  • Possess advanced analytical and problem-solving skills
  • Consistently demonstrate clear and concise written and verbal communication
  • Be proficient in interpreting and applying policies, standards and procedures
  • Demonstrate the ability to remain unbiased in a diverse working environment

Responsibilities

  • Perform code reviews to identify flaws in the development of custom applications that handle sensitive IP data, particularly those involving complex data transformations, encryption, or proprietary algorithms
  • Drive configuration auditing through review of system and network configurations for misconfigurations or insecure settings that could lead to exploitation
  • Execute access controls to validate and assess whether internal access controls effectively enforce the principle of least privilege and prevent unauthorized access to IP data
  • Generate reports that highlight security weaknesses uncovered during white-box testing and provide actionable remediation steps
  • Ensure that critical issues are resolved before new software releases or system updates go live, especially if they affect data-sharing processes or BII systems
  • Research, test, build, and coordinate the conversion and/or continuous integration pipelines and toolchains based on client requirements
  • Design and develop new software products or major enhancements to existing software to support security operations
  • Address problems of systems integration, compatibility, automation and orchestrations
  • Assess cloud security architectures and provide recommendations to improve overall infrastructure security and methods to automate security testing of applications moving through the CI/CD pipeline

Preferred Qualifications

Have experience with Web development and programming languages, e.g., Python, Perl, Ruby, Java, .Net

Benefits

Remote work
