Cyber Vulnerability Analyst
Analyze and manage risk management issues by identifying, measuring, and making decisions on operational or enterprise risks for an organization.
- Conduct web application and code testing for all systems and applications, and open source dependencies, providing analysis and risk assessments for vulnerabilities discovered
- Utilize code analysis and fuzzing tools that are furnished or approved by the Government to assess the quality and security of source code
- Define secure coding standards and develop secure coding training for current and future developers
- Conduct code reviews for all code changes for a given application release, providing both a detailed risk analysis of the security posture of the code and technical programming solutions (secure coding standards) to the developers to mitigate insecure code from being implemented
- Apply the Software Assurance Forum guidance to Systems Lifecycle Process, software development, and engineering principles
- Provide a monthly report on the overall quality of source code from a security perspective. This report shall include reports of quality by project and/or development team and shall include trend analysis to identify the number of new defects introduced per release, defects remediated in each release, and trends in the types of defects introduced and remediated
- Provide DevOps evaluation, implementation, and operations support for USCIS static and dynamic code analysis tools (currently HPe WebInspect Enterprise, and HPe Fortify). This includes user account and access management, server management, monitoring, patching, version upgrades, and integration with continuous integration/continuous delivery pipelines
- The contractor shall assist the government in performing market research to identify and implement new tools that provide better code analysis or support languages not currently supported by current toolsets
10+ years of cyber security experience. Strong knowledge of vulnerability assessment tools (i.e. AppDetective; Fortify; Nessus; Splunk; WebInspect) and the ability to view and analyze vulnerability reports to prepare risk assessment reports for senior leadership.
Master’s Degree, IA Level III Certification (i.e. CISSP; CASP; CISA; CISM; GSLC)