– Designs, develops, tests, and evaluates information system security throughout the systems development life cycle.
– Translates security requirements into application design elements, including documenting the elements of the software attack surfaces, conducting threat modeling, and defining any specific security criteria.
– Analyzes the security of new or existing computer applications, software, or specialized utility programs and provides actionable results.
– Performs assessments of systems and networks within the network environment or enclave and identifies where those systems/networks deviate from acceptable configurations, enclave policy, or local policy. Measures effectiveness of defense-in-depth architecture against known vulnerabilities.
– Uses data collected from a variety of cyber defense tools (e.g., IDS alerts, firewalls, network traffic logs) to analyze events that occur within their environments for the purposes of mitigating threats.
– Prior experience in software security testing, penetration testing, vulnerability, code review, information assurance.
– Certifications in software security testing, penetration testing, secure coding.
– Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
– Skill in evaluating the adequacy of security designs.
– Skill in performing impact/risk assessments.
– Skill in secure test plan design (e.g., unit, integration, system, acceptance).
– Skill in recognizing vulnerabilities in security systems (e.g., vulnerability and compliance scanning).
– Skill in conducting application vulnerability assessments.
– Skill in the use of penetration testing tools and techniques.
– Skill in using code analysis tools.
– Skill in integrating black box security testing tools into the quality assurance process of software releases.
– Skill in designing countermeasures to identified security risks.
– Skill in developing and deploying attack signatures.