Sr Application Security Analyst / SME - Active TS/SCI required

Clearance Level
Top Secret/SCI
Category
Software Engineering
Location
Washington, District of Columbia

REQ#: RQ127477

Travel Required: None
Requisition Type: Regular

Support a high profile Federal Government program, providing expertise in a variety of code scanning and analysis capabilities for both cloud and on-premise solutions to include identifying and remediating vulnerabilities in applications that employ common application development, API integration, web, and database languages such as Apex, PHP, C#, Java, JavaScript, Angular, JQuery, HTML, and SQL.

As the Senior Application Security Analyst, you will work with the enterprise applications team to perform both  static application security testing (SAST) and dynamic application security testing (DAST) in order to identify insecure interactions between components, risky resource management, and porous defenses as well as compliance with existing federal or customer-specific policy and regulations.

You will be responsible for working with the Customer to develop a secure code policy that ensures the health, security, and compliance of the application portfolio and for leading the establishment of a plan for automated code analysis that incorporates security code scanning throughout the development lifecycle. The plan will include the following components, at minimum:

  • Procedures for running SAST, DAST, component/dependency, and manual testing scans and interpreting the results

  • Plan for enforcing code scanning and analysis standards throughout the application

  • Plan for enhancing the development pipeline, leveraging automation wherever possible/where necessary capabilities exist, and where automation cannot be leveraged through standard checkpoints and reviews

  • Requirements for reviewing and auditing findings to validate results, identify false positives, and assigning and tracking remediation activities

  • Requirements for reviewing and validating findings against open source intelligence and cyber threat feeds to provide addition context for vulnerability assessment reports

  • Auditing procedures to assess compliance and ensure timely mitigation of vulnerabilities

As such, you should have extensive knowledge, understanding, and experience of these application security activities. 

Additionally, you will evaluate existing application security policies and toolsets and provide recommendations to improve efficiency through simplified processes and increased automation. As additional tools and capabilities become available, you will work with our Cloud Architect and enterprise applications team to build automated code analysis and testing into the CI/CD pipeline.

This role requires an Active TS/SCI Clearance prior to onboarding. The work location will be at the customer-site in Washington, DC.

Minimum Qualifications and Experience:

  • BA/BS Degree in Information Technology, Cybersecurity, or a related field (6 years additional experience may be substituted for a degree)

  • 10+ years of experience including hands on knowledge and experience performing application security assessments

  • Extensive hands-on experience performing cloud application security assessments in Federal Government environments. Including:

    • Performing cloud application security assessments using tools such as Fortify static code analyzer, OpenSCAP, GitHub, and other open SAST tools to detect high risk software vulnerabilities such as SQL injection, buffer over-flows, cross-site scripting, cross-site request forgery, etc.

    • Performing dynamic application security testing using tools such as WebInspect to detect web application vulnerabilities, including dependency scans, and verify source code is free of vulnerabilities

  • Experience drafting and/or supporting the development of cybersecurity policies in Federal Government environments

  • Excellent verbal and written communication skills

  • DoD 8570 IAT III Certification or equivalent (e.g., CASP+ CE, CCNP-Security, CISA, CISSP (or associate), GCED, GCIH). https://public.cyber.mil/cw/cwmp/dod-approved-8570-baseline-certifications

  • Active TS/SCI clearance

#GDITpriority


About Our Work

We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.

COVID-19 Vaccination

GDIT does not have a vaccination mandate applicable to all employees. To protect the health and safety of its employees and to comply with customer requirements, however, GDIT may require employees in certain positions to be fully vaccinated against COVID-19. Vaccination requirements will depend on the status of the federal contractor mandate and customer site requirements.

GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.