Agile Defense
Software Security Engineer (SME)
Agile Defense, Greendale, Wisconsin, United States, 53129
Agile Defense
At the forefront of innovation, driving advanced capabilities and solutions tailored to the most critical national security and civilian missions.At Agile Defense, we know that action defines the outcome and new challenges require new solutions. That’s why we always look to the future and embrace change with an unmovable spirit and the courage to build for what comes next.Our vision is to bring adaptive innovation to support our nation's most important missions through the seamless integration of advanced technologies, elite minds, and unparalleled agility—leveraging a foundation of speed, flexibility, and ingenuity to strengthen and protect our nation’s vital interests.Requisition #614Job Title: Software Security EngineerLocation: REMOTEClearance Level: Active DoD - Public TrustRequired Certification(s): CISSP (or equivalent), GCSA or possess a willingness to pursue certifications after hireSUMMARYThe United States Patent and Trademark Office (USPTO), Cybersecurity Division, has a requirement to establish a white-box testing capability within USPTO by adding contractor expertise to engage with existing system and product owners with the goal of supplementing companion effort penetration testing services. This effort will enhance data security protections by evaluating USPTO systems, with a specific focus on sensitive Business Impact Information (BII) systems that contain Intellectual Property (IP) and PII.A successful candidate will have verifiable experience in white-box testing, secure coding, static code analysis, dynamic application security testing, architecture security, Application Programmatic Interface (API) validation and communication skills. Strong technical capabilities, and an understanding of in-scope systems to the organization with respect to operational impact, is important as a key function of the role is to work closely with defensive partners.JOB DUTIES AND RESPONSIBILITIESPerform code reviews to identify flaws in the development of custom applications that handle sensitive IP data, particularly those involving complex data transformations, encryption, or proprietary algorithms.Drive configuration auditing through review of system and network configurations for misconfigurations or insecure settings that could lead to exploitation.Execute access controls to validate and assess whether internal access controls effectively enforce the principle of least privilege and prevent unauthorized access to IP data.Generate reports that highlight security weaknesses uncovered during white-box testing and provide actionable remediation steps.Ensure that critical issues are resolved before new software releases or system updates go live, especially if they affect data-sharing processes or BII systems.Research, test, build, and coordinate the conversion and/or continuous integration pipelines and toolchains based on client requirements.Design and develop new software products or major enhancements to existing software to support security operations.Address problems of systems integration, compatibility, automation and orchestrations.Assess cloud security architectures and provide recommendations to improve overall infrastructure security and methods to automate security testing of applications moving through the CI/CD pipeline.Consult with project teams and end users to identify application requirements.Perform feasibility analysis on potential future projects to management.Assist in the evaluation and recommendation of application software packages, application integration and testing tools.Resolve problems with software and respond to suggestions for improvements and enhancements.Education, Background, and Years of Experience10+ years of relevant experience with most of the requirements belowBachelor’s degree/University degree or equivalent experienceADDITIONAL SKILLS & QUALIFICATIONSRequired SkillsSecurity Architecture reviewsDevSecOps CI/CD pipelines standards and best practicesApplication Programming Interface (API) development and testingExtensive experience working with White-Box testing methodologies and techniquesStatic Application Security Testing tools, e.g., SonarQube, Veracode, FortifyDynamic Application Security Testing tools, e.g., OpenText Fortify WebInspect, Veracode, InvictiExperience leveraging the MITRE ATT&CK FrameworkVulnerability Assessment tools, e.g., Nessus, Qualys, Rapid7Exploitation frameworks, e.g., Metasploit, CANVAS, Core ImpactDeep understanding of OSI modelSecurity devices, i.e., Firewalls, VPN, AAA systemsOS Security, e.g., Unix/Linux, Windows, OSXUnderstanding of common protocols, e.g., HTTP, LDAP, SMTP, DNSWeb application infrastructure, e.g., Application Servers, Web Servers, DatabasesDemonstrated ability to collaborate with a variety of analytical groups and service delivery organizationsAdvanced analytical and problem-solving skillsConsistently demonstrates clear and concise written and verbal communicationProficient in interpreting and applying policies, standards, and proceduresDemonstrated ability to remain unbiased in a diverse working environmentPreferred SkillsWeb development and programming languages, e.g., Python, Perl, Ruby, Java, .NetWORKING CONDITIONSEnvironmental ConditionsOffice environmentStrength DemandsSedentary – 10 lbs. Maximum lifting, occasional lift/carry of small articles. Some occasional walking or standing may be required. Jobs are sedentary if walking and standing are required only occasionally, and all other sedentary criteria are met.Physical RequirementsStand or SitEmployees of Agile Defense are our number one priority, and the importance we place on our culture here is fundamental. Our culture is alive and evolving, but it always stays true to its roots. Here, you are valued as a family member, and we believe that we can accomplish great things together.Agile Defense has been highly successful in the past few years due to our employees and the culture we create together. What makes us Agile? We call it the 6Hs, the values that define our culture and guide everything we do. Together, these values infuse vibrancy, integrity, and a tireless work ethic into advancing the most important national security and critical civilian missions. It's how we show up every day. It's who we are.Happy
- Be Infectious. Happiness multiplies and creates a positive and connected environment where motivation and satisfaction have an outsized effect on everything we do.Helpful
- Be Supportive. Being helpful is the foundation of teamwork, resulting in a supportive atmosphere where collaboration flourishes, and collective success is celebrated.Honest
- Be Trustworthy. Honesty serves as our compass, ensuring transparent communication and ethical conduct, essential to who we are and the complex domains we support.Humble
- Be Grounded. Success is not achieved alone, humility ensures a culture of mutual respect, encouraging open communication, and a willingness to learn from one another and take on any task.Hungry
- Be Eager. Our hunger for excellence drives an insatiable appetite for innovation and continuous improvement, propelling us forward in the face of new and unprecedented challenges.Hustle
- Be Driven. Hustle is reflected in our relentless work ethic, where we are each committed to going above and beyond to advance the mission and achieve success.Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
#J-18808-Ljbffr
At the forefront of innovation, driving advanced capabilities and solutions tailored to the most critical national security and civilian missions.At Agile Defense, we know that action defines the outcome and new challenges require new solutions. That’s why we always look to the future and embrace change with an unmovable spirit and the courage to build for what comes next.Our vision is to bring adaptive innovation to support our nation's most important missions through the seamless integration of advanced technologies, elite minds, and unparalleled agility—leveraging a foundation of speed, flexibility, and ingenuity to strengthen and protect our nation’s vital interests.Requisition #614Job Title: Software Security EngineerLocation: REMOTEClearance Level: Active DoD - Public TrustRequired Certification(s): CISSP (or equivalent), GCSA or possess a willingness to pursue certifications after hireSUMMARYThe United States Patent and Trademark Office (USPTO), Cybersecurity Division, has a requirement to establish a white-box testing capability within USPTO by adding contractor expertise to engage with existing system and product owners with the goal of supplementing companion effort penetration testing services. This effort will enhance data security protections by evaluating USPTO systems, with a specific focus on sensitive Business Impact Information (BII) systems that contain Intellectual Property (IP) and PII.A successful candidate will have verifiable experience in white-box testing, secure coding, static code analysis, dynamic application security testing, architecture security, Application Programmatic Interface (API) validation and communication skills. Strong technical capabilities, and an understanding of in-scope systems to the organization with respect to operational impact, is important as a key function of the role is to work closely with defensive partners.JOB DUTIES AND RESPONSIBILITIESPerform code reviews to identify flaws in the development of custom applications that handle sensitive IP data, particularly those involving complex data transformations, encryption, or proprietary algorithms.Drive configuration auditing through review of system and network configurations for misconfigurations or insecure settings that could lead to exploitation.Execute access controls to validate and assess whether internal access controls effectively enforce the principle of least privilege and prevent unauthorized access to IP data.Generate reports that highlight security weaknesses uncovered during white-box testing and provide actionable remediation steps.Ensure that critical issues are resolved before new software releases or system updates go live, especially if they affect data-sharing processes or BII systems.Research, test, build, and coordinate the conversion and/or continuous integration pipelines and toolchains based on client requirements.Design and develop new software products or major enhancements to existing software to support security operations.Address problems of systems integration, compatibility, automation and orchestrations.Assess cloud security architectures and provide recommendations to improve overall infrastructure security and methods to automate security testing of applications moving through the CI/CD pipeline.Consult with project teams and end users to identify application requirements.Perform feasibility analysis on potential future projects to management.Assist in the evaluation and recommendation of application software packages, application integration and testing tools.Resolve problems with software and respond to suggestions for improvements and enhancements.Education, Background, and Years of Experience10+ years of relevant experience with most of the requirements belowBachelor’s degree/University degree or equivalent experienceADDITIONAL SKILLS & QUALIFICATIONSRequired SkillsSecurity Architecture reviewsDevSecOps CI/CD pipelines standards and best practicesApplication Programming Interface (API) development and testingExtensive experience working with White-Box testing methodologies and techniquesStatic Application Security Testing tools, e.g., SonarQube, Veracode, FortifyDynamic Application Security Testing tools, e.g., OpenText Fortify WebInspect, Veracode, InvictiExperience leveraging the MITRE ATT&CK FrameworkVulnerability Assessment tools, e.g., Nessus, Qualys, Rapid7Exploitation frameworks, e.g., Metasploit, CANVAS, Core ImpactDeep understanding of OSI modelSecurity devices, i.e., Firewalls, VPN, AAA systemsOS Security, e.g., Unix/Linux, Windows, OSXUnderstanding of common protocols, e.g., HTTP, LDAP, SMTP, DNSWeb application infrastructure, e.g., Application Servers, Web Servers, DatabasesDemonstrated ability to collaborate with a variety of analytical groups and service delivery organizationsAdvanced analytical and problem-solving skillsConsistently demonstrates clear and concise written and verbal communicationProficient in interpreting and applying policies, standards, and proceduresDemonstrated ability to remain unbiased in a diverse working environmentPreferred SkillsWeb development and programming languages, e.g., Python, Perl, Ruby, Java, .NetWORKING CONDITIONSEnvironmental ConditionsOffice environmentStrength DemandsSedentary – 10 lbs. Maximum lifting, occasional lift/carry of small articles. Some occasional walking or standing may be required. Jobs are sedentary if walking and standing are required only occasionally, and all other sedentary criteria are met.Physical RequirementsStand or SitEmployees of Agile Defense are our number one priority, and the importance we place on our culture here is fundamental. Our culture is alive and evolving, but it always stays true to its roots. Here, you are valued as a family member, and we believe that we can accomplish great things together.Agile Defense has been highly successful in the past few years due to our employees and the culture we create together. What makes us Agile? We call it the 6Hs, the values that define our culture and guide everything we do. Together, these values infuse vibrancy, integrity, and a tireless work ethic into advancing the most important national security and critical civilian missions. It's how we show up every day. It's who we are.Happy
- Be Infectious. Happiness multiplies and creates a positive and connected environment where motivation and satisfaction have an outsized effect on everything we do.Helpful
- Be Supportive. Being helpful is the foundation of teamwork, resulting in a supportive atmosphere where collaboration flourishes, and collective success is celebrated.Honest
- Be Trustworthy. Honesty serves as our compass, ensuring transparent communication and ethical conduct, essential to who we are and the complex domains we support.Humble
- Be Grounded. Success is not achieved alone, humility ensures a culture of mutual respect, encouraging open communication, and a willingness to learn from one another and take on any task.Hungry
- Be Eager. Our hunger for excellence drives an insatiable appetite for innovation and continuous improvement, propelling us forward in the face of new and unprecedented challenges.Hustle
- Be Driven. Hustle is reflected in our relentless work ethic, where we are each committed to going above and beyond to advance the mission and achieve success.Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
#J-18808-Ljbffr