The Principal Software Security Engineer provides leadership, team coordination, and subject matter expertise in the provision of secure embedded operating systems, primarily within a Linux environment. The primary functions of this role include threat modeling, application of DISA STIGs to secure operating systems, and development of a secure operating environment based on Linux. The engineer is also expected to provide analytical support for the development and submission of C&A documentation in compliance with RMF requirements, to apply expertise in technology, to analyze the security implications of systems and applications, and to provide recommendations to decision makers and engineers. This position typically works under limited supervision and direction. Incumbents of this position will regularly exercise discretionary and substantial decision-making authority.
Essential Job Duties and Responsibilities:
Focus on embedded secure operating systems in a Linux environment.
Understand the Software Development Lifecycle and work with Software Engineering on tasks and time to ensure proper implementation.
Conduct static code analysis (SCA) per program requirements.
Create Static Code Analysis reports as needed in the desired format.
Conduct threat modeling exercises for a defined scope.
Maintain a comprehensive and holistic system view while addressing stakeholder security risks and concerns regarding software integrity and assurance implementation through the application of Systems Engineering skills.
Ensure the effectiveness and suitability of the security elements within software applications as an enabler to mission success.
Take a lead role in the design of security features such as authentication, authorization, and data protection.
Perform security code reviews and identify implementations that will lead to resolution of security vulnerabilities.
Serve as subject matter expert to develop vulnerability remediation action plans and drive implementation.
Employ common security testing tools to verify common security vulnerabilities and effective fixes.
Provide input and support to Cyber Security Professionals for RMF control responses.
Solid understanding of security concepts and secure coding techniques.
Continuous evaluation of security posture for end product with a focus on reducing the attack surface, remediation of potential weaknesses and developing effective vulnerability management strategies to mitigate risk.
Work with Software teams to resolve open issues to meet customer risk posture on results of SCA.
Continually integrate current recommendations for improving software security. These can include the NIST Software Development Framework, recommendations from DISA, or other similar publications.
Understand and implement policies, standards, laws, and regulations regarding technical aspects of Information Security.
Participate in continuous process improvement efforts
Familiarity with application and network security
Familiarity with SD Elements a plus
Familiarity with kernel configuration and device trees
Familiarity with Yocto/BitBake tools
Keeps abreast of improvements in software engineering
Identifies software engineering process improvements, and supports the execution of them across the organization
Participates in total quality management/continuous process improvement teams
Assumes additional technical responsibilities as needed
Minimum Job Requirements:
The description provided above is not intended to be an exhaustive list of all job duties, responsibilities and requirements. Duties, responsibilities and requirements may change over time and according to business need.