Secure Software Engineer
- Posted: over a month ago
- $70,000 to $95,000 Yearly
- Benefits: life insurance, medical, vision, 401k, dental
- 2+ years of software development experience with any one of the object-oriented programming languages like Java, Ruby, C#.
- Git and Linux/Unix Commands.
- Knowledge and understanding of Secure Code practices.
- Perform code review and audit application source code scans for security vulnerabilities, and identify True Positives and False Positives.
- Provide guidance to the development community on resolving vulnerabilities. Should be able to interact on a daily basis with the development community on the security issues of their applications.
- Understanding of source code vulnerabilities such as Cross-Site Scripting, SQL Injection, Heap Inspection, DOM Injection, SSRF (Server-Side Request Forgery), XSRF (Cross-Site Request Forgery) etc.
- Should be able to research vulnerable and non-vulnerable packages of third-party libraries from different sources like NIST and OWASP, and provide upgrade guidance on recent non-vulnerable components.
- Understanding of Jenkins Pipeline.
- Understanding of relational databases and experience in writing SQL queries.
- A Bachelor's degree at a minimum is required to be considered for this position.
Tools: Checkmarx, Black Duck, Nexus IQ, Eclipse, SQL Server Management Studio
Desired but not required:
- Ability to take a product through the entire lifecycle of analysis, design, coding, testing and implementation and support.
- Experienced with implementing all aspects of an application design – high performance design, coding, caching mechanisms, security, encryption, state management, error logging, debugging, scalability, code reviews, development environment configuration, and testing.
- Experienced with performing unit and system level testing on web applications.
- Proven track record of designing scalable, web-based distributed software applications.
- Experience developing software in the government sector (a plus).
- Experience or knowledge of Jenkins, Cloud, and Maven
- Experience with collaboration tools such as SharePoint
- Experience with integrating SCA code scanning into the build process
- Code scanning experience - Manual/Automated/Static/Dynamic
- Experience/exposure in major programming languages such as Java EE, .NET, COBOL, ColdFusion, etc.
Volpe Information Technology Group, Inc.