Software Developer Security Clearance

Responsibilities

• Analyze information to determine, recommend, and plan the development of a new application or modification of an existing application.
• Analyze user needs and software requirements to determine feasibility of design within time and cost constraints.
• Apply coding and testing standards, apply security testing tools including fuzzing, static‑analysis code scanning tools, and conduct code reviews.
• Apply secure code documentation.
• Capture security controls used during the requirements phase to integrate security within the process, to identify key security objectives, and to maximize software security while minimizing disruption to plans and schedules.
• Compile and write documentation of program development and subsequent revisions, inserting comments in the coded instructions so others can understand the program.
• Confer with systems analysts, engineers, programmers, and others to design application and to obtain information on project limitations and capabilities, performance requirements, and interfaces.
• Consult with engineering staff to evaluate interface between hardware and software. Correct errors by making appropriate changes and rechecking the program to ensure that desired results are produced.
• Design, develop, and modify software systems, using scientific analysis and mathematical models to predict and measure outcome and consequences of design.
• Develop secure code and error handling.
• Evaluate factors such as reporting formats required, cost constraints, and need for security restrictions to determine hardware configuration.
• Identify basic common coding flaws at a high level.
• Identify security implications and apply methodologies within centralized and decentralized environments across the enterprise's computer systems in software development. Identify security issues around steady state operation and management of software and incorporate security measures that must be taken when a product reaches its end of life.
• Perform integrated quality assurance testing for security functionality and resiliency attack. Perform secure programming and identify potential flaws in codes to mitigate vulnerabilities.
• Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
• Prepare detailed workflow charts and diagrams that describe input, output, and logical operation, and convert them into a series of instructions coded in a computer language.
• Address security implications in the software acceptance phase including completion criteria, risk acceptance and documentation, common criteria, and methods of independent testing.
• Store, retrieve, and manipulate data for analysis of system capabilities and requirements.
• Translate security requirements into application design elements, including documenting the elements of the software attack surfaces, conducting threat modeling, and defining any specific security criteria.
• Design countermeasures and mitigations against potential exploitations of programming language weaknesses and vulnerabilities in system and elements.
• Identify and leverage the enterprise-wide version control system while designing and developing secure applications.
• Consult with customers about software system design and maintenance.
• Direct software programming and development of documentation.
• Supervise and assign work to programmers, designers, technologists and technicians, and other engineering and scientific personnel.
• Enable applications with public keying by leveraging existing public key infrastructure (PKI) libraries and incorporating certificate management and encryption functionalities when appropriate.
• Identify and leverage the enterprise-wide security services while designing and developing secure applications (e.g., Enterprise PKI, Federated Identity server, Enterprise Antivirus solution) when appropriate.
• Conduct trial runs of programs and software applications to ensure that the desired information is produced and instructions and security levels are correct.
• Develop software system testing and validation procedures, programming, and documentation.
• Modify and maintain existing software to correct…