Secure Software Analyst in Baltimore, MD at Booz Allen Hamilton Inc.

Date Posted: 7/26/2018

Job Description

Job Number: R0033624

Secure Software Analyst

Key Role:

Perform application security assessments, secure code reviews using Fortify Static Code Analyzer (SCA) and other security-oriented software development tools, and Software Development Life Cycle (SDLC) consulting. Work with software development organizations to analyze applications and identify security vulnerabilities across a variety of programming languages. Analyze scan results to separate false positives from true findings and to assign severity levels to the findings reported, conduct bug fixes, assess SDLC processes, and provide recommendations for incorporating security, developing scope enhancements, changes required by users, and modifications required by changes in the production environment.

Maintain the development life cycle, including problem and modification identification, classification, prioritization, and detailed analysis of each modification to determine its impact, feasibility, and alternatives, and design a modification solution. Develop the code, processes, and procedures needed to implement the modification, validate it, and determine its impact on the existing system or application and on the systems environment in general. Validate that the modification meets the requirement, deliver it as part of a release package for installation in the operational environment, and contribute to high-quality deliverables and tasks under supervision.


Basic Qualifications:

-2+ years of experience with IT, software development, or secure code evaluation support

-Experience with common code review methods and standards

-Knowledge of common security requirements within Java, .NET, iOS, and Android applications

-Knowledge of OWASP tools and methodologies

-Knowledge of SDLC models and security controls

-Ability to identify and fix security defects in static code

-Ability to use Fortify SCA or other security-oriented software development tools

-Ability to read and write secure code in one or more common programming, scripting, and markup languages, including Java, C#, ASP.NET, PL/SQL, T-SQL, PHP, Perl, Objective-C, C++, or JavaScript

-Ability to obtain a security clearance

-BA or BS degree


Additional Qualifications:

-Experience with static analysis tools delivered in a Cloud or as-a-service model, including HP Fortify or IBM AppScan Source

-Experience with high-level programming languages, including Java, C, C++, .NET, C#, or VB

-Experience with Web application development, including ASP.NET, ASP, PHP, J2EE, or JSP

-Experience with mobile app development, including Objective-C for iOS and Java for Android

-Experience with Web application vulnerability scanning tools, including IBM AppScan, HP WebInspect, Acunetix, NTOSpider, or Burp Suite Pro

-Experience with the CMS security process and terminology

-Experience with training preferred

-Knowledge of NIST application security documentation and Special Publications, including NIST SP 800-53, 800-163, and 800-18

-Possession of excellent oral and written communication skills

-Public Trust clearance preferred

-BS degree in CS

-CISSP, CSSLP, GSEC, GSSP-.NET, GSSP-Java, or GWEB Certification


Clearance:
Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or veteran status—to fearlessly drive change.
