Software Assurance Engineer - Millennium Corporation
New Orleans, LA 70145
About the Job
For two decades, Millennium Corporation has been operating on the leading edge of cybersecurity. Our elite team of more than 400 experts has an unparalleled record of performance supporting Red Team Operations, Defensive Cyber Operations, Software Engineering, and Technical Engineering. With the largest contingent of contracted Red Team operators in the DoD, we provide an unmatched level of threat intelligence and battle-tested experience for customers in both the DoD and federal civilian markets.
What We Believe: We believe that diversity is a fact, inclusion is a choice. At Millennium Corporation, we are inclusive. We celebrate multiple approaches and different points of view. We strongly believe that diversity drives innovation, and we are building a culture where differences are valued. We are always growing our programs and we offer tools to help our employees grow and manage their careers.
Millennium is an equal opportunity employer and does not discriminate or allow discrimination on the basis of race, color, religion, gender, age, national origin, citizenship, disability, veteran status or any other classification protected by federal, state, or local law. Millennium promotes affirmative action for women, minorities, disabled persons, LGBTQ+ and veterans.
Responsibilities: Millennium Corporation is hiring an Information Systems Security Engineer (ISSE) to work in New Orleans, LA. All candidates must have an active secret clearance to qualify for consideration.
- Partner with program management, engineering, and accreditation security specialists to ensure required security solutions and controls are in place throughout all IT systems and platforms to mitigate identified risks sufficiently, and designed to meet functional objectives and regulatory requirements
- Clearly articulate security remediation advice to development and testing teams related to web, rich client, services, or mobile development languages and frameworks
- Proven ability to analyze and define Cybersecurity requirements throughout the entire Program Life Cycle from early requirements definition through delivery, operations, and decommissioning
- Strong understanding of various development methodologies and approaches to integrate security into the SDLC
- Execute expert-level application security assessments. Must be able to identify, re-create, and remediate security defects
- Experience implementing and executing Threat Model development and analysis
- Deep understanding of OWASP, common application security flaws, and secure coding practices, coupled with the ability to clearly explain security issues and remediation approaches to project and development staff
- Proven experience in software/application/system integration design and testing
- In-depth knowledge of HTTP, REST, SOAP, XML and JSON as they relate to client and server-side web applications
- Experience in software development and coding in various languages (C#, .NET, Java, etc.)
- Understanding of AWS, Azure, and vSphere, and how to align DoD/NIST security controls to those environments
- Perform static and dynamic code analysis using manual methodologies and automated tools (HP Fortify SCA and WebInspect)
- Develop and maintain software assurance metrics, trend analysis, and reporting in order to prioritize and track security issues
- Experience in the DIACAP/RMF Certification and Accreditation process; specifically, eMASS POA&M and RAR creation
- All candidates must have an active secret clearance to qualify for consideration.
- Bachelor's degree and 8 yrs of engineering, computer science, or information technology experience including at least three (3) to six (6) years of Cybersecurity experience OR HS Diploma and 13 yrs of experience with at least 1 year of experience in cybersecurity.
- Experience in DoD Risk Management Framework (RMF)
- Familiarity with HTML, JavaScript, Python, SAML, and YAML.
- Familiarity with SAST tools such as GitLab, Fortify, Black Pearl, etc.
- Familiarity with source code repositories such as Git.
- Fundamental awareness and RMF familiarity gained through formal training in the development of one or more Security Authorization Packages or past experience with DoD Assessment & Authorization (A&A).
- IAM Level II certification
- Experience in Software Assurance, code analysis, remediation of security defects
Assist with Business Development activities as required to support Millennium's strategic business objectives, which may include, but are not limited to, participation in technical interviews, creation of technical documentation, general proposal writing support and proposal color reviews.
- Must be comfortable with prolonged periods of sitting at a desk and working on a computer.
- Must be able to lift up to 10-15 pounds at a time.
<10%