Job Description
SAIC is seeking a Development Security Operations (DEVSECOPS) Engineer to conduct Fortify System Administration in support of a large Department of Defense organization in Huntsville, AL.
Job Overview:
This position serves as the SR Fortify System Administrator for the Chief Information Office that supports a large Department of Defense organization with a software development mission and will be part of the cornerstone for a software assurance program.
Job Responsibilities:
Install, configure, and troubleshoot Fortify SCA on software developer computers.
Monitor and download new releases of Fortify SCA and Fortify Rule packs.
Install, configure, and administer Fortify Software Security Center.
Install, configure, and administer Fortify Scan Central servers.
Perform scan and code reviews on complicated edge cases.
Support integration of Continuous Integration (CI)/Continuous Deployment (CD) pipelines.
Review Fortify FPRs to concur/non-concur with developer analysis of SCA findings.
Conduct the scan review process, which may require complex code analysis.
Perform scan review activities against ASP.NET Webforms and MVC web applications.
Test and research new scan findings reported by Fortify SCA to determine severity and potential fixes.
Develop and document clear guidelines for handling or remediating common issues.
Interface with Fortify support.
Write simplified test cases that reproduce problematic behavior.
Submit support tickets and track status through to resolution.
Must understand issues clearly and advocate for the organization and developers until issues are resolved satisfactorily.
Distribute Fortify software and support installation and configuration activities.
Track software utilization against licensed capacity.
Work integration of scan services into DevOps processes as needed.
Coordinate with the organization's cyber security elements on scan reviews and other software assurance activities.
Evaluate additional analysis tooling to expand capabilities.
Participate in process enhancement and capability growth of software assurance activities within the organization.
Advise developers on code changes that align with scan engine characteristics to improve future scan results, recommending changes to reduce false positives and the associated time spent on analysis in future scans.
Further develop standards for scan reviews.
Qualifications
Required Education:
Bachelor's and five (5) years or more experience; Master's and three (3) years or more experience; PhD and zero (0) years related experience; four (4) years of experience accepted in lieu of degree.
Qualifications:
Experience with web-oriented development as well as the identification and remediation of common code security issues that occur in web-oriented code.
Experience performing code reviews with an emphasis on code security.
Experience using industry-standard static and dynamic code-security-analysis tooling is required. Experience working within software development processes in a DOD environment.
Proficient in static code security analysis tooling, C#, ASP.NET Webforms and MVC web applications, CSS/JS/HTML, and SQL.
Knowledge and understanding of multi-tiered web architectures.
Understands the code and frameworks most commonly submitted for review, such as ASP.NET, Web Forms, MVC, and Razor Pages, using both the standard .NET Framework and the newer .NET Core technologies.
Proficient in JavaScript, CSS, jQuery, and Bootstrap to the point that the candidate can write simple test cases in the applicable framework, as well as provide suggestions and code samples to deal with specific issues.
Understands how Fortify functions, not just how to determine whether or not specific sections of code are vulnerable.
Ability to define standards for scan review such that developers understand what is required to pass a review prior to scan submission.
Excellent communication skills, both written and verbal.
Desired Skills:
Experience working with Fortify tooling including Fortify SCA, Audit Workbench, Software Security Center, and IDE plugins is preferred.
Knowledge of DevSecOps and automated testing
Experience with Fortify SCA, Fortify Audit Workbench
Experience with Fortify Software Security Center
Experience with Apache Tomcat
Experience with Windows Server administration
Knowledge of Multi-tier architecture
Knowledge of Agile development
Familiarity with jQuery
Certification:
Candidate must have Sec+ certification
Required Clearance:
Candidate must be able to obtain, maintain and/or currently possess a Secret clearance; Interim Secret clearance minimum required on first day.
COVID Policy: Prospective and/or new employees are required to adhere to SAIC’s vaccination policy. All SAIC employees must be fully vaccinated and they must submit proof of vaccination on their first day of employment. Prospective or new employees may seek an exemption to the vaccination requirement at Contact Us and must have an approved exemption prior to the start of their employment. Where work is performed strictly at a customer site, customer site vaccination requirements preempt SAIC’s vaccination policy.
Overview
SAIC® is a premier Fortune 500® technology integrator driving our nation’s technology transformation. Our robust portfolio of offerings across the defense, space, civilian, and intelligence markets includes secure high-end solutions in engineering, digital, artificial intelligence, and mission solutions. Using our expertise and understanding of existing and emerging technologies, we integrate the best components from our own portfolio and our partner ecosystem to deliver innovative, effective, and efficient solutions that are critical to achieving our customers’ missions.
We are more than 26,500 strong; driven by mission, united by purpose, and inspired by opportunities. SAIC is an Equal Opportunity Employer, fostering a respectful work culture based on diversity, equity, and inclusion that values all contributors. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $7.1 billion. For more information, visit saic.com.
Job Details
Job location: Al Ahsa, Saudi Arabia
Company industry: Other business support services
Company type: Unspecified
Employment type: Unspecified
Monthly salary: Unspecified
Number of vacancies: Unspecified
https://www.bayt.com/ar/saudi-arabia/jobs/development-security-operation-engineer-64426754/