Cyber Capability Developer, Senior

ACTIVITIES & RESPONSIBILITIES

The Customer Security Assessment Services (CSAS) provides continuous security monitoring, software engineering, and software analysis services for the Government Customer Systems and services. Through Security Assessments & Authorizations and continuous security monitoring, CSAS ensures ongoing awareness of the confidentiality, integrity, and availability of the Government Customer information and the Government Customer information systems. The CSAS conducts comprehensive, formal, independent assessment of the management, operation, and technical security controls of the Government Customer System to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the Government Agency security requirements. These assessments serve as a key input into the Government Agency risk management program and to the continuous monitoring of the security of the Government Customer systems and services. Utilizing an extensive variety of automated vulnerability assessment tools and techniques, CSAS continuously accesses security on large and complex variety of operating systems (OS), databases, web applications and services, appliances, network devices, and numerous other applications and devices. CSAS facilitates security monitoring, software engineering, and software analysis services. CSAS includes a system that consists of multiple cloud-hosted security tools to enable software, platform, and infrastructure security assessments and monitoring. These tools are critical to enabling the CSAS team and CIAU to perform security assessments and continuous monitoring of the Government Customer systems and software including identification of software security vulnerabilities; security analysis of source code and open source software; identification of security misconfigurations; and vulnerability assessment of infrastructure-as-code; and container applications and environments.

CSAS toolset and supporting applications currently includes Tenable Security Center, Microsoft Defender for Endpoint, BigFix, OWASP Zap, BurpSuite, Black Duck, Coverity, Software Risk Manager, Checkov, Trivy, ClamAV, Red Hat Advanced Cluster Security for Kubernetes, Jira, Confluence, Bitbucket, Bamboo, and SharePoint. These tools are subject to change, and Vendors are responsible for supporting these and additional applications and toolsets, as needed.

SKILLS

• Assists Information System Security Officers in evaluations of delivered software
• Conducts static analysis on source code developed in common programming and scripting languages, including, but not limited to, C, C++, Java, C#, Groovy, Python, Perl, Pup, JavaScript, Ruby, Bash, Powershell, and Objective C, and identifying the presence of any vulnerabilities or potentially malicious logic
• Conducts dynamic, manual, and automated binary reverse engineering analysis on developed applications identifying the presence of any vulnerabilities or potentially malicious logic
• Provides technical guidance on typical indications of malicious logic and intent for both source code and compiled binary files
• Performs manual and automatic assessments of code libraries and cross reference them with industry best practices and OWASP Top 10
• Creates frameworks, internal tooling, scripts, and application extensions to support efficient and effective software security analysis processes
• Performs static and dynamic analysis of known malicious and unknown binary files, reverse engineering of compiled software, functional analysis of source code/scripts, and/or hardware/firmware analysis.
• Provides technical guidance on secure software development methodologies, techniques, and best practices
• Provides technical guidance on secure web development techniques, interfaces, and web security best practices
• Assists the Government Customer stakeholders in identifying and evaluating technical and operational security risks, threats, weaknesses, and vulnerabilities of the Government Customer information systems and services
• Provides presentations, briefings, and knowledge transfers as assigned
• Develops applicable reports (e.g. risk, secure code assessment reports), as assigned.

REQUIRED QUALIFICATIONS

• Active Top Secret Clearance required
• 6+ years of experience in IT security or a related field

PREFERRED CERTIFICATIONS

• Master’s degree in IT-related field
• COMPTIA Sec+ or equivalent preferred

 We are seeking an experienced Cyber Capability Developer, Senior in support of a government customer that manages the minimum baseline information system security controls to ensure that the confidentiality, integrity, and availability of the government agency’s computer systems, networks, and information are maintained and supports the assurance of secure information sharing within the customer and its partners. The team is managing and modernizing a life-cycle security model that develops, maintains, and dispositions information systems, services, and data, and safeguards their confidentiality, integrity, and availability. The team also manages the minimum baseline Information System security controls to ensure that the confidentiality, integrity, and availability of the government agency’s computer systems.

TekSynap is a fast-growing high-tech company that understands both the pace of technology today and the need to have a comprehensive well planned information management environment. “Technology moving at the speed of thought” embodies these principles – the need to nimbly utilize the best that information technology offers to meet the business needs of our Federal Government customers.

We offer our full-time employees a competitive benefits package to include health, dental, vision, 401K, life insurance, short-term and long-term disability plans, vacation time and holidays.

Visit us at www.TekSynap.com. 

Apply now to explore jobs with us!  

The safety and health of our employees is of the utmost importance.  Employees are required to comply with any contractually mandated Federal COVID-19 requirements.  More information can be found here.

"As part of the application process, you agree that TekSynap Corporation may retain and use your name, e-mail, and contact information for purposes related to employment consideration".

WORK ENVIRONMENT AND PHYSICAL DEMANDS

The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of the job.  Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions. 

• Location: Clarksburg, WV
• Remote or In-Person: 100% On site. Remote/Telework not available.
• Type of environment: Office
• Noise level: Medium
• Work schedule: Schedule is day shift Monday – Friday.
• Amount of Travel: Travel is not expected

PHYSICAL DEMANDS

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.  Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

WORK AUTHORIZATION/SECURITY CLEARANCE

• Active Top Secret Clearance Required

OTHER DUTIES

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.

EQUAL EMPLOYMENT OPPORTUNITY

In order to provide equal employment and advancement opportunities to all individuals, employment decisions will be based on merit, qualifications, and abilities. TekSynap does not discriminate against any person because of race, color, creed, religion, sex, national origin, disability, age, genetic information, or any other characteristic protected by law (referred to as “protected status”). This nondiscrimination policy extends to all terms, conditions, and privileges of employment as well as the use of all company facilities, participation in all company-sponsored activities, and all employment actions such as promotions, compensation, benefits, and termination of employment.