Secure Software Assessment SME

Secure Software Assessment SME

Job Location s: US

Requisition :

Position Category:
Information Technology

Clearance Requirement:
Top Secret

Peraton is seeking a Secure Software Assessment SME. Peraton's Defense Mission and Global Health Solutions Sector is seeking a for the Department of Defense (DoD). The successful candidate will be responsible for ensuring the security of software applications through secure coding practices and code vulnerability assessments. Lead a team of application security specialists, providing guidance on secure coding practices and static/dynamic analysis methodologies.

Provide guidance to development teams on secure coding techniques and remediation strategies for identified vulnerabilities. Oversee the execution of application security assessments, including code reviews and vulnerability scans, to identify security flaws in software applications. Provide actionable recommendations to development teams and stakeholders, based on assessment findings, to improve application security and mitigate identified risks. Develop and maintain application security procedures to promote secure software development practices.

• Conduct Code Vulnerability Assessments:
  Perform rigorous static and dynamic code analysis to identify vulnerabilities in software applications. Utilize tools like SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) to ensure the application's security posture.
• Lead and Guide Application Security Teams:
  Manage and mentor a team of application security specialists, providing technical leadership and guidance on complex vulnerability analyses. Review team findings to ensure accurate results and high-quality deliverables.
• Promote and Train on Secure Coding Practices:
  Educate and provide training to development teams on secure coding techniques and common vulnerabilities (e.g., based on OWASP Top Ten, CWE/SANS Top 25). Deliver workshops or guidelines on defensive coding against injection attacks, cross-site scripting (XSS), secure authentication, etc.
• Oversee Secure Software Assessments:
  Plan, prioritize, and execute secure software assessments across the software lifecycle, including secure design reviews, code audits, and vulnerability testing. Ensure assessments align with organizational and DoD policies for application security.
• Provide Vulnerability Remediation Guidance:
  Offer actionable recommendations to developers, architects, and system owners to remediate identified code vulnerabilities and improve the security of applications. Ensure that all secure recommendations align with development timelines and technical feasibility.
• Develop and Maintain Security Procedures and Guidelines:
  Create and update secure software development lifecycle (SDLC) protocols, ensuring they include best practices for vulnerability prevention. Establish a set of repeatable processes for conducting secure software assessments.
• Collaborate with Development and Stakeholder Teams:
  Serve as a liaison between security, development, and operations teams, ensuring shared understanding of application security goals and activities. Incorporate security requirements into development workflows and stakeholder requirements.
• Monitor Application Threats in Real-Time:
  Implement baseline measures to monitor frameworks, libraries, and third-party software for vulnerabilities or new security threats. Ensure vulnerabilities associated with third-party code are identified, assessed, and remediated effectively.
• Assess and Integrate Emerging Tools and Techniques:
  Evaluate new application security tools, methods, and frameworks for integration into software development environments to enhance security.
• Perform Reporting and Communication:
  Develop comprehensive reports to communicate assessment findings, risks, and remediation steps to stakeholders and leadership in a clear and actionable format. Provide periodic updates and performance metrics on application security initiatives to leadership.

• Secure Coding Practices and Standards:
  Expertise in secure software development methodologies, including OWASP Secure…