This site uses cookies. To find out more, see our Cookies Policy

Software Assurance Engineer, Lead in Arlington, VA at Booz Allen Hamilton Inc.

Date Posted: 5/25/2019

Job Snapshot

Job Description

Job Number: R0050171

Software Assurance Engineer, Lead

The Challenge:

Everyone knows security needs to be “baked in” to a system architecture, but you actually know how to bake it in. You can identify and implement ways to harden systems and reduce their attack surface. What if you could use your Cyber skills to design and assess the implementations of systems for the DoD? We’re looking for a Software Assurance expert who can assist in ensuring DoD's solutions will stand up to even the most advanced Cyber threats.

As a SwA lead on our project, you’ll serve as a software assurance (SwA) team lead, including managing application and SwA security testing to support a Joint client. Support Web application security testing and application security testing, including using manual inspections and reviews, threat modeling, code reviews, and penetration testing techniques. Improve and maintain software assurance processes and practices for discovering and diagnosing software deficiencies and vulnerability vectors throughout the software development life cycle (SDLC). Apply expert-level knowledge of Army, DoD, and industry accepted policies, standards, best practices, and regulations related to security engineering. Assess an application’s architecture and ensure that security is incorporated into the design of the system. Generate threat models, mapping the theoretical attack surface for an application and analyze the impact, likelihood, and prevalence of security flaws. Identify, align, manage, and disseminate access to prescriptive and proscriptive guidance, including security principals, guidelines, design patterns, secure coding standards, security weaknesses, such as common weakness enumeration, and attack patterns, such as common attack pattern enumeration and classification.

Empower change with us.

Build Your Career:

Rewarding work, fun challenges, and a ton of investment in our people—that’s Booz Allen Cyber. When you join Booz Allen, we’ll help you develop the career you want.

Competitions — From programming competitions at our PyNights (Python competition and learning events) to competing in CTFs, we’ve got plenty of chances for you to show off your skills.

Paid Research — Have an innovative idea to explore or hypothesis to test? You can participate in challenges via our crowdsourcing platform, the Garage, and other programs to be awarded dedicated time and/or funding to advance your skills.

Cyber University — CyberU has more than 5000 instructor-led and self-paced Cyber courses, a free online library that you can access from just about anywhere—including your phone—and certification exam prep guides that include practical assessments to prepare you for your exam.

Academic Partnerships — In addition to our tuition reimbursement benefit, we’ve partnered with University of Maryland University College to offer two graduate certificate programs in Cybersecurity—fully funded without a tuition cap.

Maker/Hackerspaces — Race drones, print 3D gadgets, drink coffee from our Wi-Fi coffee maker, and get hands-on training on tools and tech from in-house experts in our dedicated maker and hackerspaces.

You Have:

-10+ years of experience with IT security and programming 

-5+ years of experience with IT security and programming in an Army or DoD environment

-Knowledge of large and complex DoD IT environments

-Ability to comprehend and manipulate programming languages, including Python, PHP, Java, Classic ASP, C, C#, or C++

-Ability to obtain a security clearance

-BS degree

Nice If You Have:

-Experience with using the Open Web Application Security Project (OWASP) testing guide

-Experience with using the following test tools: Checkmarx, Burp Suite Pro, MS Visual Studio, and IntelliJ Idea

-Knowledge of the Common Weakness Scoring System (CWSS)

-Ability to communicate with senior executive DoD personnel effectively both orally and in writing

-Ability to deliver presentations to senior leaders and in a conference setting

-TS/SCI clearance

-BS degree in Computer Science, Software Engineering, or Computer Engineering

-Certified Ethical Hacking (CEH), GIAC Web Application Penetration Tester (GWAPT), or GIAC Secure Software Programmer (GSSP) Certification

-DoD 8570 IAT II Certification, including CCNA Security, CSA+, GICSP, GSEC, Security+ CE, or SSCP

-DoD 8570 CSSP Auditor Certification, including CEH, CSA+, CISA, or GSNA


Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.

Your Career is Waiting.

Get job alerts. Learn about new work and upcoming events. Share open roles with friends and colleagues.
Our Talent Network is your opportunity hub.

Get Answers and Access.

Need more information? Find it in our FAQs.

Application already in-process? Log in to keep going.