Job Description
Location: Oak Ridge, TN
Job Title: Secure Software Assessor
Career Level From: Senior Associate
Career Level To: Principal
Organization: Chief Information Security Office
Job Specialty: Software Security Assessment
EmDrive, LLC. (EmDrive) is a nationally recognized computer systems design services firm dedicated to providing critical infrastructure systems engineering services in support of our Nation’s security. Using a disciplined systems engineering approach that is supported by innovative software toolsets, EmDrive provides solutions to improve the effectiveness and efficiency of our government and private clients. We support the defense, energy, and science markets through responsive, cost-effective execution of critical security, infrastructure, nuclear defense and nonproliferation, and environmental projects.
This position is a hybrid role in Oak Ridge, TN. Some on-site work may be required in this position. If offered the role, relocation assistance will be available.
Core Tasks
- Develop Secure Software testing and validation procedures. (T0456)
- Perform secure program testing, review, and/or assessment to identify potential flaws in codes and mitigate vulnerabilities. (T0516)
- Address security implications in the software acceptance phase including completion criteria, risk acceptance and documentation, common criteria, and methods of independent testing. (T0217)
- Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change. (T0181)
- Apply coding and testing standards, apply security testing tools including "fuzzing" static-analysis code scanning tools, and conduct code reviews. (T0013)
- Determine and document software patches or the extent of releases that would leave software vulnerable. (T0554)
- Identify security issues around steady state operation and management of software and incorporate security measures that must be taken when a product reaches its end of life. (T0118)
- Identify basic common coding flaws at a high level. (T0111)
- Consult with engineering staff to evaluate interface between hardware and software. (T0040)
- Data Privacy
- Information Assurance
- Information Systems/Network Security
- Operating System
- Risk Management
- Software Development
- Software Testing and Evaluation
- Systems Administration
- Systems Testing and Evaluation
- Threat Analysis
- Vulnerability Assessment
- Knowledge of cybersecurity and privacy principles. (K0004)
- Knowledge of computer networking concepts and protocols, and network security methodologies. (K0001)
- Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy. (K0003)
- Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). (K0002)
- Knowledge of cyber threats and vulnerabilities. (K0005)
- Knowledge of specific operational impacts of cybersecurity lapses. (K0006)
- Knowledge of Personally Identifiable Information (PII) data security standards. (K0260)
- Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). (K0044)
- Skill in discerning the protection needs (i.e., security controls) of information systems and networks. (S0034)
- Knowledge of operating systems. (K0060)
- Knowledge of information technology (IT) risk management policies, requirements, and procedures. (K0263)
- Knowledge of cybersecurity principles and methods that apply to software development. (K0039)
- Knowledge of software quality assurance process. (K0153)
- Knowledge of Secure Software deployment methodologies, tools, and practices. (K0178)
- Skill in using code analysis tools. (S0174)
- Knowledge of secure configuration management techniques. (K0073)
- Knowledge of organization's evaluation and validation requirements. (K0028)
- Skill in secure test plan design (e.g., unit, integration, system, acceptance). (S0135)
- Skill in designing countermeasures to identified security risks. (S0022)
- Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code). (K0070)
- Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems. (S0001)
- Meaningful work and unique opportunities to support missions vital to national and global security
- Top-notch, dedicated colleagues
- Generous pay and benefits with a stable organization
- Career advancement and professional development programs
- Work-life balance fostered through flexible work options and wellness initiatives
- Bachelor's degree in Computer Science, Information Security, Information Systems or a related field with at least two years of relevant professional experience or five years of cyber incident response experience in an enterprise network environment
- OR Master's degree
- Ten or more years of education and/or relevant experience may be considered to satisfy educational and years-of-experience requirements for this posting
Benefits
EmDrive’s benefits package was carefully designed to meet the needs of our employees and their families.
These benefits include:
- Major Medical Plan
- Dental Plan
- Vision Plan
- Disability Insurance
- Life Insurance
- Retirement Plan 401(k)
- Comprehensive Leave / PTO
- Holidays / PTO
- HSA Health Savings Account
Pay Rate:
Please submit salary or hourly rate requirements along with resume or in a cover letter.
The minimum education and experience for the lowest career level in the job posting range are listed under Minimum Job Requirements. Successful candidates hired into a higher career level than the minimum in the range must meet the requirements listed in the job leveling charts for the career level into which they are being hired.
Level 1 - Associate's degree with limited experience or high school diploma with 1 to 4 years of experience. Requires basic knowledge and familiarity with equipment in area of expertise.
Level 2 - Bachelor's degree in a technical field with limited experience or Associate's degree in a technical field and 2 to 5 years of related experience. Requires general knowledge and understanding in area of expertise and associated equipment, processes or systems.
Level 3 - Master's degree in a technical field with limited experience or Bachelor's degree in a technical field and 2 to 5 years of related experience or Associate's degree in a technical field and 5 to 10 years of related experience. Requires advanced knowledge and understanding in area of expertise and associated equipment, processes or systems.
Level 4 - PhD in a technical field with limited experience or Master's degree in a technical field and 2 to 5 years of related experience or Bachelor's degree in a technical field and 5 to 10 years of related experience or Associate's degree in a technical field and 10 to 15 years of related experience. Requires demonstrated in-depth knowledge and skills in a technical specialty.
Level 5 - PhD in a technical field and 2 to 5 years of related experience or Master's degree in a technical field and 5 to 10 years of related experience or Bachelor's degree in a technical field and 10 to 15 years of related experience or Associate's degree in a technical field and 15 to 20 years of related experience. Requires demonstrated in-depth knowledge and skills in a technical specialty. Recognized as an expert in their field.
Level 6 - PhD in a technical field and 5 or more years of related experience or Master's degree in a technical field and 10 or more years of related experience or Bachelor's degree in a technical field and 15 or more years of related experience or Associate's degree in a technical field and 20 or more years of related experience. Requires demonstrated in-depth knowledge and skills in a technical specialty. This level should be limited to a small population. Recognized as an expert in their field.
Requires a Government clearance; however, all qualified candidates will be considered regardless of their current clearance status. The ability to obtain and maintain a Government clearance is required.
Position may require entry into Materials Access Areas (MAA) and participation in the Human Reliability Program (HRP). If HRP is required, candidate must complete a counterintelligence-scope polygraph, pursuant to 10 CFR 709. Medical requirements may apply.
EmDrive, LLC and its Customers are a drug-free workplace. Candidates accepting a job offer will be required to pass a pre-placement physical, drug screening and background investigation. As an employee, you may be required to receive and maintain a security clearance from the United States Department of Energy in order to meet eligibility requirements for access to sensitive information or matter. U.S. citizenship is a requirement for security clearance applicants. All employees are subject to being randomly selected for drug testing without advance notification.
EmDrive, LLC and its Customers are an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, gender, sexual orientation, gender identity, age, religion, national origin, ancestry, genetic information, disability or veteran status.
To read more about this, view Know Your Rights: Workplace Discrimination is Illegal (dol.gov)