Job Description
JOB NUMBER: 1509 | LOCATION: Atlanta, GA | CLEARANCE/ACCESS LEVEL: NACI
AMDEX.ai The Art of Data Science
We are a seasoned full-spectrum data solutions firm. We deliver insights, strategies, data analytics, and technical expertise to accelerate data modernization. We specialize in data sciences and cloud solutions, application development and maintenance, program management, and health IT operations, leveraging experience and trusted talent to solve the federal government’s most pressing business and technical challenges. Without you, it’s just data.
AMDEX Corporation is seeking an Information Security Analyst with application security experience to join its team supporting our Federal government customer.
Position Overview: (Web Applications)
Assess the potential risks and vulnerabilities within the organization’s computer systems and networks.
Conduct risk assessments to identify weaknesses and develop strategies to mitigate and minimize security risks, including Plans of Action & Milestones (“POA&M”) where appropriate.
Scan applications and server operating systems, providing code-level recommendations to system/application stakeholders to respond to and mitigate vulnerabilities.
Support, as requested, the ongoing facilitation, monitoring, and oversight of System Security Authorization and Privacy processes, evaluating prescribed managerial, operational and technical safeguards protecting the confidentiality, integrity and availability of systems and the information in them.
Responsibilities include:
Primary:
- Serve as a Subject Matter Expert (SME) in web application security.
- Scan applications and server operating systems using CDC supplied tools like Nessus Tenable and Fortify WebInspect.
- Analyze and track identified vulnerabilities, providing technical recommendations and code-level advice to system/application stakeholders to respond to and mitigate vulnerabilities.
- Engage directly with IT system and application stakeholders/development teams to ensure security practices are embedded throughout the SDLC lifecycle.
- Serve as a subject matter expert on IT Security to system and application stakeholders and more junior IT Security Analysts.
- Provide security advice throughout SDLC.
- Implement secure development life cycles to integrate security and privacy considerations throughout all phases of the development process, helping developers build highly secure software, and addressing security compliance requirements.
- Assist owners with accurate and timely completion of Privacy Impact Assessments and Social Security Number Usage Exception requests.
- Support development, use and update of System of Records Notice for support programs and systems.
- Conduct independent reviews of draft:
  - System documentation, risk assessment, mitigation and tracking documents, BCP procedures, testing and updates
  - Annual self-assessments and BCP updates
  - Change requests, system retirement work packages, re-certification packages
Other Responsibilities (as needed):
- Support requests for non-standard software and open source/freeware by completing tests.
- Scan incoming portable media for malicious software.
- Respond to antivirus alerts, lost IT asset reports, patch management and other reports.
- Support issuance, proper use, tracking and reporting of agency-authorized Universal Serial Bus media.
- Support completion and processing of level III software requests.
Skills, Experience & Qualifications:
- 10+ years of experience in application development and security
- Extensive experience acting as a Subject Matter Expert (SME) in web application security.
- Excellent skills in writing code in a currently supported programming language.
- Skill in conducting software debugging.
- Skill in using code analysis tools (e.g., Static Analysis Tools).
- Skill in integrating black box security testing tools into the quality assurance process of software releases.
- Skill in providing training in application security best practices using guidance from NIST, OWASP, etc.
- Skill in providing code-level advice on potential vulnerabilities.
- Skill in providing active participation and security advice throughout the SDLC.
- Skill in implementing secure development life cycles to integrate security and privacy considerations throughout all phases of the development process, helping developers build highly secure software, and addressing security compliance requirements.
- Understanding of current threats and exploits to include experience with threat detection, analysis, and remediation.
- Knowledge of application architectures, platforms, and protocols and their inherent security strengths and weaknesses
- Industry recognized certification in security: CSSLP or GWAPT
- Knowledge of OMB, NIST, HHS, CDC policy and guidance
- Eligible for Government access Clearance.
*Due to the nature of the contracts we support, only US citizens and permanent residents will be considered for this role.
AMDEX Corporation offers a competitive salary package and attractive benefits package.
- Medical | Dental | Vision (Base plan employee premiums 100% company paid)
- Employer Paid Life and Disability Insurance, STD and LTD
- Employee Assistance Plan and Employee Discounts
- 11 Federal Holidays | PTO accrual with carryover
- 401(k) Plan with company match | Flexible Spending Accounts: Medical, Dependent, Transit
- Tuition Reimbursement & Training Assistance
Visit our Careers website at www.amdexcorp.com/amdex-ai-jobs/.
EOE M/F/D/V