Mid-Level Cybersecurity Software Analyst

Huntsville, AL

The ideal candidate will:

A Seret Clearance and be able to independently perform all aspects of software security auditing. Have the ability to translate technical concepts into language understood by individuals from varied backgrounds. Be articulate and concise in both written and verbal communication with the ability to brief senior contract and government leadership. Work in a fast-paced, high-pressure, fluid environment. Be able to use the STIG viewer to identify and understand STIG requirements for various forms of software and discuss mitigation activities with a non-technical audience. Have a strong commitment to a team environment. Possess a willingness to learn new technologies and IT strategies.

Aegis Aerospace has more than 30 years of experience in creating innovative and practical solutions to fulfill defense and space needs.

We are looking for candidates who are ready to revolutionize the space and defense industry and pioneer new technological advancements to safeguard our country.

Are you ready to Innovate, Explore, and Protect?

This position is expected to pay $75,000 - $85,000 annually; depending on experience, education, and any certifications that are directly related to the position.

This position can be filled at Schriever SFB, Colorado Springs, CO or Redstone Arsenal, Huntsville, AL

• Perform software security audits to identify risks associated with software and provide a comprehensive security assessment for the MDA (Missile Defense Agency) IC ISSM. This can include known vulnerabilities published to the NIST NVD (National Vulnerability Database)
• Discover or compile a list of dependencies/bill of materials for software being audited
• Use of various tools to discovery vulnerabilities within an application
• Using your experience with various programming/scripting/query languages to correlate industry best practices for secure software development
• Identify common security issues including input validation, error and exception handling, logging, access controls, SQL Injection, cross-site scripting (XSS), etc. and articulate how to mitigate or reduce impact of them
• Correlating DISA STIG vulnerabilities and other policies with vulnerabilities discovered and documenting them to be consumable by a wide audience
• Manage a queue of requests for software security audits
• Assist with developing reporting metrics for team activities
• Interact with requesters of varied backgrounds to determine use-case scenarios, understand application architecture and to help determine risk mitigation strategies

• 
  HS Diploma (or GED) and 2 years of general experience; Associate’s degree and 0 years of general experience.
• Must have 2.5 years of experience in an engineering role
• Must be familiar with SQL Server, PostgreSQL or other databases in conceptual architecture and the associated query languages, etc
• Must be familiar with at least one programming language and know the difference between compiled and interpreted languages
• Must have a current IAT Level II Certification (Security+ CE)
• Must have, or be able to obtain, an active DoD Secret Clearance

Desired Experience:

• Be able to perform manual source code/script reviews to determine relevance of automated findings
• Have experience with one/any of the following languages .NET, VB, Java, C+, C++, C, JavaScript, T-SQL, PL-SQL, Python, PowerShell, HTML, ASP, Bash, and Perl
• Be familiar with some or all of these software technologies Team Foundation Server (TFS), JIRA, Get, Internet Information Service (IIS), Tomcat, Docker, SQL Server, Oracle Database, Angular, MVC, etc
• Be familiar with Fortify Source Code Analyzer (SCA)
• Have excellent written, verbal and interpersonal communications skills
• Have a familiarity with the MDA and BMDS programs.