Secure Software Assessment SME; Secret Clearance

Secure Software Assessment SME (Secret Clearance)

Join to apply for the Secure Software Assessment SME (Secret Clearance) role at Aperio Global in Alexandria, VA. This position requires an active SECRET clearance.

Aperio Global is seeking a Software Assessment SME in Alexandria VA
.

• Conduct Code Vulnerability Assessments:
  Perform rigorous static and dynamic code analysis to identify vulnerabilities in software applications. Utilize tools like SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) to ensure the application’s security posture.
• Lead and Guide Application Security Teams:
  Manage and mentor a team of application security specialists, providing technical leadership and guidance on complex vulnerability analyses. Review team findings to ensure accurate results and high-quality deliverables.
• Promote and Train on Secure Coding Practices:
  Educate and provide training to development teams on secure coding techniques and common vulnerabilities (e.g., based on OWASP Top Ten, CWE/SANS Top 25). Deliver workshops or guidelines on defensive coding against injection attacks, cross-site scripting (XSS), secure authentication, etc.
• Oversee Secure Software Assessments:
  Plan, prioritize, and execute secure software assessments across the software lifecycle, including secure design reviews, code audits, and vulnerability testing. Ensure assessments align with organizational and DoD policies for application security.
• Provide Vulnerability Remediation Guidance:
  Offer actionable recommendations to developers, architects, and system owners to remediate identified code vulnerabilities and improve the security of applications. Ensure that all secure recommendations align with development timelines and technical feasibility.
• Develop and Maintain Security Procedures and Guidelines:
  Create and update secure software development lifecycle (SDLC) protocols, ensuring they include best practices for vulnerability prevention. Establish a set of repeatable processes for conducting secure software assessments.
• Collaborate with Development and Stakeholder Teams:
  Serve as a liaison between security, development, and operations teams, ensuring shared understanding of application security goals and activities. Incorporate security requirements into development workflows and stakeholder requirements.
• Monitor Application Threats in Real-Time:
  Implement baseline measures to monitor frameworks, libraries, and third-party software for vulnerabilities or new security threats. Ensure that vulnerabilities associated with third-party code are identified, assessed, and remediated effectively.
• Assess and Integrate Emerging Tools and Techniques:
  Evaluate new application security tools, methods, and frameworks for integration into software development environments to enhance security.
• Perform Reporting and Communication:
  Develop comprehensive reports to communicate assessment findings, risks, and remediation steps to stakeholders and leadership in a clear and actionable format. Provide periodic updates and performance metrics on application security initiatives to leadership.

• Secure Coding Practices and Standards:
  Expertise in secure software development methodologies, including OWASP Secure SDLC, OWASP Top 10, and CWE/SANS Top 25 vulnerabilities.
• Static and Dynamic Application Security Testing (SAST/DAST):
  Proficient in using and configuring tools like Fortify, Sonar Qube, OWASP ZAP, Burp Suite, and Checkmarx for vulnerability detection.
• Application Vulnerability Assessment and
  
  Risk Management:
  
  Skilled in identifying, analyzing, prioritizing, and remediating software vulnerabilities across various applications and environments.
• Programming and Framework Expertise:
  In-depth knowledge of programming languages (e.g., Java, Python, C++, JavaScript) and their associated vulnerabilities, as well as secure coding practices within frameworks like Spring and Django.
• Leadership and Team
  
  Collaboration:
  
  Strong ability to lead, mentor, and guide a team of application security specialists, as well as collaborate effectively with development and stakeholder teams.
• Threat Modeling…