Secure Software Assessor

NOTE: This position requires a US citizen or Green Card holder.

The Enterprise Application & Architecture Operational Support Project aims to modernize and transform the DOE’s technology systems to better support its mission of delivering equity and excellence in education. The project’s primary purpose is to improve the efficiency, scalability, security, and sustainability of DOE’s enterprise applications and supporting architecture. By doing so, it ensures that technology can effectively meet the evolving needs of DOE’s vast network of schools, educators, students, and families.

RESPONSIBILITIES

• The Secure Software Assessor is responsible for evaluating the security of software applications, identifying vulnerabilities, and providing recommendations to improve security. 
• This involves using tools like fuzzing, static analysis, and code reviews to test for potential security issues, as well as developing secure testing procedures. 
• The assessor works through the software development process to ensure security is integrated at every stage, from coding to final testing. 
• They also perform risk analysis to prioritize security efforts and help reduce potential risks.

KEY REQUIREMENTS

• 5+ years of experience in assessing the security of applications throughout their lifecycle.
• Proficiency in security testing tools (e.g., fuzzing, static analysis) and conducting code reviews.
• Familiarity with security frameworks like OWASP, NIST, and ISO/IEC 27001.
• Proficiency in languages (C++, Java, Python) for creating custom security tests and scripts.
• Ability to design secure testing procedures to ensure software is free from vulnerabilities.
• Skills in evaluating security risks, threats, and vulnerabilities to prioritize security efforts.
• Ability to clearly document findings, testing results, and recommendations.
• Experience in integrating security into the software development lifecycle.