Millennium Corporation is hiring an Software Assurance Engineer to work in New Orleans, LA. All candidates must have an active secret clearance to qualify for consideration.

Responsibilities:

• Partner with program management, engineering, and accreditation security specialists to ensurerequired security solutions and controls are in place throughout all IT systems and platforms tomitigate identified risks sufficiently, and designed to meet functional objectives and regulatoryrequirements
• Clearly articulate security, to development and testing teams, remediation advice related to web,rich client, services, or mobile development languages and frameworks
• Proven ability to analyze and define Cybersecurity requirements throughout the entire Program Life Cycle from early requirements definition through delivery, operations, and decommissioning
• Strong understanding of various development methodologies and approaches to integrate securityinto the SDLC
• Execute expert-level application security assessments. Must be able to identify, re-create, and remediate security defects
• Experience implementing and executing Threat Model development and analysis
• Deep understanding of OWASP, common application security flaws, and secure coding practices, coupled with the ability to clearly explain security issues and remediation approaches to project and development staff
• Proven experience in software/application/system integration design and testing
• In-depth knowledge of HTTP, REST, SOAP, XML and JSON as it relates to client and server-side web applications
• Experience in software development and coding in various languages (C#, .NET, Java etc.)
• Understand and of AWS, Azure, and vSphere, and how to align DoD/NIST security controls to those environments
• Perform static and dynamic code analysis using manual methodologies and automated tools (HP Fortify SCA and WebInspect)
• Develop and maintain software assurance metrics, trend analysis, and reporting in order to prioritize and track security issues
• Experience in the DIACAP/RMF Certification and Accreditation process; specifically, eMASS POA&M and RAR creation

Qualifications:

• All candidates must have an active secret clearance to qualify for consideration.
• Bachelor's degree and 8 yrs of engineering, computer science, or information technology experience including at least three (3) to six (6) years of Cybersecurity experience OR HS Diploma and 13 yrs of experience with atleast a 1 year experience in cybersecurity.
• Experience in DoD Risk Management Framework (RMF)
• Familiarity with HTML, JavaScript, Python, SAML, and YAML.
• Familiarity with SAST tools such as GitLab, Fortify, Black Pearl, etc.
• Familiarity with source code repositories such as Git.
• Familiarity Fundamental awareness and RMF familiarity gained through formal training in the development of one or more Security Authorization Package or past experience with DoD Assessment & Authorization (A&A).
• IAM Level II certification
• Experience in Software Assurance, code analysis, remediation of security defects