Software Security Test Engineer

Job Description:

XOR Security is currently seeking  a Software Security Test Engineer to support an Agency-level SOC program. The position will lead the analysts that will conduct software testing leveraging open source technologies and COTS products.  To support this vital mission, XOR staff are on the forefront of providing Advanced CND Operations, and Systems Engineering support to include the development of advanced analytics and countermeasures to protect critical assets from hostile adversaries. To ensure the integrity, security, and resiliency of critical operations, we are seeking candidates with diverse backgrounds in software assurance testing, vulnerability assessment, and penetration testing.  Candidates must have experience researching software vulnerabilities for known CVEs, conducting network packet capture analysis, alignment with organizational policies, and analyzing network/system level activities of the application.   The ideal candidate will have a solid understanding of operating system and application vulnerabilities, with hands-on experience conducting technical software testing in a cyber security context in support of continuous monitoring efforts. 

Corporate duties such as solution/proposal development, corporate culture development, mentoring employees, supporting recruiting efforts, will also be required.  The program allows for remote support with requirements to come on site only if needed with 24 hours notice.   

The Position is contingent on successfully completing a program-based background investigation.

Job Duties:

• Monitor email and ticketing queues to intake desktop software review requests from federal leadership and security division.
• Research open-source resources (e.g. National Vulnerability Database) for applicable CVEs and known exploited vulnerabilities
• Determine gaps with USPTO baselines and policy
• Install software in lab environment and test for efficacy of security functionality and assess network and system level activity using testing software such as Fiddler) and installed software on Kali Linux such as the Wireshark
• Assess available documentation including usage and installation instructions for risk
• Assess risk in terms of data collection, processing and storage
• Develop disposition and recommendation reports detailing risks, mitigation recommendations, and approval recommendations
• Manage lab environment to ensure deployed software is up to date
• Advise on open-source testing automation tools
• Stay up to date with current vulnerabilities, attacks, and countermeasures and provide a detailed analysis of enterprise risks, compensating controls, and risk mitigation plans.

Required Qualifications:

• 7 years experience in IT, software testing, and/or cyber security
• Technical BA/BS
• Experience using Fiddler for software testing
• Experience analyzing PCAP for network activity
• Experience assessing security documentation, system design documents
• Self-starter with excellent organizational and attention to detail in tracking and reporting compliance activity and trend analysis of enterprise vulnerabilities.
• A working knowledge of the various operating systems (e.g. Windows, OS X, Linux, etc.) commonly deployed in enterprise networks, a conceptual understanding of Windows Active Directory is also required, and a working knowledge of network communications and routing protocols (e.g. TCP, UDP, ICMP, BGP, MPLS, etc.) and common internet applications and standards (e.g. SMTP, DNS, DHCP, SQL, HTTP, HTTPS, etc.).

Desired Qualifications:

• One or more certifications:  CEH, LPT, GPEN, GWAPT, CSSLP, CISSP, CAP, Security , Network , PenTest , GSNA
• Experience using Kali Linux for software testing
• Experience assessing FedRAMP packages
• Experience managing tasks in Agile-based task tracking software such as Rally

Closing Statement:

XOR Security offers a very competitive benefits package including paid health insurance coverage from first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.

XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.

Citizenship Clearance Requirement
Applicants selected may be subject to a government security investigation - Applicants must meet eligibility requirements – US CITIZENSHIP and AGENCY CLEARANCE REQUIRED.