Principal Software Security Engineer

Software Developer in Huntsville, AL

Posted 2019-12-23

Job Summary:

The Principal Software Security Engineer provides leadership, team coordination, and subject matter expertise in the provision of secure embedded operating systems, primarily within a Linux environment. The primary functions of this role include threat modeling, application of DISA STIGs to secure operating systems, and development of a secure operating environment based on Linux. The engineer is also expected to provide analytical support for the development and submission of C&A documentation in compliance with RMF requirements, and to apply expertise in technology, analyze the security implications of systems and applications, and provide recommendations to decision makers and engineers. This position typically works under limited supervision and direction. Incumbents of this position will regularly exercise discretionary and substantial decision-making authority.

Essential Job Duties and Responsibilities:

Focus on embedded secure operating systems in a Linux environment.
Understand the Software Development Lifecycle and work with Software Engineering on tasks and time to ensure proper implementation.
Conduct static code analysis (SCA) per program requirements.
Create Static Code Analysis reports as needed in the desired format.
Conduct threat modeling exercises for a defined scope.
Maintain a comprehensive and holistic system view while addressing stakeholder security risks and concerns regarding software integrity and assurance implementation through the application of Systems Engineering skills.
Ensure the effectiveness and suitability of the security elements within software applications as an enabler to mission success.
Take a lead role in the design of security features such as authentication, authorization, and data protection.
Perform security code reviews and identify implementations that will lead to resolution of security vulnerabilities.
Act as subject matter expert in developing vulnerability remediation action plans and driving their implementation.
Employ common security testing tools to verify common security vulnerabilities and effective fixes.
Provide input and support to Cyber Security Professionals for RMF control responses
Solid understanding of security concepts and secure coding techniques.
Continuous evaluation of security posture for end product with a focus on reducing the attack surface, remediation of potential weaknesses and developing effective vulnerability management strategies to mitigate risk.
Work with Software teams to resolve open issues to meet customer risk posture on results of SCA.
Continually integrate current recommendations for improving software security. These can include the NIST Software Development Framework, recommendations from DISA, or other similar publications.
Understand and Implement policies, standards, laws, and regulations regarding technical aspects with respect to Information Security
Participate in continuous process improvement efforts
Familiarity with application and network security
Familiarity with SD Elements a plus
Familiarity with kernel configuration and device trees
Familiarity with Yocto/BitBake tools
Keeps abreast of improvements in software engineering
Identifies software engineering process improvements, and supports the execution of them across the organization
Participates in total quality management/continuous process improvement teams
Assumes additional technical responsibilities as needed

Minimum Job Requirements:

Four-year college degree in computer science, computer engineering or other related technical discipline plus a minimum of eight years of related experience, or a master’s degree with six years of related experience. Experience to include software development/engineering and providing technical direction and leadership to software engineering projects and team members. Ability to interpret technical contract requirements. Requires proficiency using programming languages such as Java, C/C++/C#, Product Lifecycle Management, JavaScript, JavaScript Object Notation (JSON), Python, graphics or other developmental software. May require ability to develop software in a Unix (Linux, Ubuntu, CentOS, Solaris), Windows Server 2003/2008/Vista/XP/Windows 7/8 and up, Integrated Development Environments (IDEs) or other PC or virtual environment. May require experience with embedded processing. Ability to use PC software such as Microsoft Word/Project/Visio, database, spreadsheet and flowchart, and Computer Aided Software Engineering (CASE) tools. Ability to effectively communicate verbally and in writing, and to interface with customers, subcontractors and vendors. Must be able to solve complex and difficult engineering problems. Knowledge of customer needs and competing products desirable. May be required to travel domestically and internationally, including working odd hours, in line with customer requirements.

The description provided above is not intended to be an exhaustive list of all job duties, responsibilities and requirements. Duties, responsibilities and requirements may change over time and according to business need.
