The Software Security Developer works as a member of the development team to build applications, services, and systems (e.g., user-facing and back-end services) with a focus on security control design, development, techniques, and validation/verification. This includes researching new techniques and technologies to stay current in software development methodologies and tools specific to providing secure applications. They participate in all development, testing, deployment, and support activities. Additionally, they provide specific security expertise, mentoring the development team and participating in development of application security components. They mentor the testing team and help conduct testing focused on all security aspects of the application.

The projected compensation range for this position is $130,000-$160,000 (annualized USD). The final salary offered will generally fall within this range and is determined by various factors, including but not limited to the individual’s particular combination of education, knowledge, skills, competencies, and experience, as well as internal pay equity, location, contract-specific affordability and other organizational requirements.

Required Skills
Minimum 9 years IT security (Cybersecurity) experience with Bachelor’s degree in science, technology, engineering, and math (STEM)
Experience can be considered in lieu of degree
Experience applying software security techniques, controls, and best practices to mitigate risk against malicious attacks and ensure continued operations
At least one of the non-AWS certifications listed under Desirable Skills

Desirable Skills
Certified Application Security Engineer (CASE) Certification or Certified Secure Software Lifecycle Professional (CSSLP) Certification
Certified Ethical Hacker (CEH) Certification or Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP)
AWS Certified Solutions Architect Professional or AWS Certified DevOps Engineer Professional
Experience with DevOpsSec pipeline tools including configuration management, requirements (e.g. JIRA), automated testing, automated deployments, blue green deployments, and branching strategy and implementation
Experience in cloud computing including concepts, capabilities, and applications as they relate to storage, processing, dissemination, and overall security
Experience with Java, Python, and JavaScript to build complex software applications
Experience with agile development methodologies and multi-disciplinary teams
Experience building web APIs using standards established in NIST SP 800-204
Demonstrated experience with software development lifecycle (SDLC)
Demonstrated expertise in developing and managing governance policy (i.e., software development standards, best practices in building and maintaining software)
Experience with Security Control Assessments with NIST SP 800-37, NIST SP 800-53, NIST SP 800-53A, and other NIST 800 guide series