Job Description:
TMC Technologies is in immediate need of an Application Security Analyst to support ongoing development activities of critical FBI IT systems. Due to federal contract requirements, the candidate must possess US citizenship and an active Top Secret clearance.
Responsibilities and qualities of the Application Security Analyst may include:
- Previous System Administration, Developer, and Web services experience in an Enterprise Environment utilizing cross platform technologies;
- Knowledge of networking and virtualization technology, such as OpenStack, RHEV, etc.;
- Experience in information system compliance with government standards and industry best practices (e.g. NIST, OWASP, Common Criteria, DISA and SANS Institute);
- Documented experience in Python, Perl, and Java;
- Documented experience is preferred in as many of the following programming languages, web services, and applicable software stacks as possible: REST, PowerShell, SOAP, Apache Struts, Websockets, Java Message Queue, RPC over HTTP, WIA (Windows, IIS, ASP.NET), C, C++, C#, Node.js, JavaScript, Pega, Groovy, LAMP (Linux, Apache, MySQL, PHP), AMP (Apache, MySQL, PHP), JOLT (Java, Oracle, Linux, Tomcat), and LAMJ (Linux, Apache, MySQL, JSP Servlets);
- Provide support to the SAA process of CJIS information systems through secure coding evaluation, to verify and validate conformance to Federal and FBI policies, regulations, FISMA compliance and standards, and meet specified security requirements;
- Assist ISSOs in evaluations of delivered software;
- Conduct static analysis on source code developed in common programming and scripting languages, including, but not limited to, C, C++, Java, C#, Groovy, Python, Perl, Pup, JavaScript, Ruby, Bash, PowerShell, and Objective C, and identify the presence of any vulnerabilities or potentially malicious logic;
- Conduct dynamic, manual, and automated binary reverse engineering analysis on developed applications identifying the presence of any vulnerabilities or potentially malicious logic;
- Support full stack security analysis of developed and deployed applications, including implemented OS, platform, application, and interface and operations and maintenance (O&M) components;
- Provide technical guidance on common software vulnerabilities and methods for avoiding them in application development;
- Create frameworks, internal tooling, scripts, and application extensions to support efficient and effective software security analysis processes;
- Provide technical guidance on secure software development methodologies, techniques, and best practices;
- Provide technical guidance on typical indications of malicious logic and intent for both source code and compiled binary files;
- Review and evaluate information technology project software design, architecture, and implementation decisions;
- Provide feedback on areas of potential security weakness and recommendations on improvements to resolve areas of concern.
U.S. Citizenship and Active Top Secret Clearance required
Associate’s Degree in Computer Science, Information Systems Management, or related field preferred
3 years' experience using Python and Perl along with at least one high level language: Java, C++, .NET, or another compiled language required
Certified Application Security Specialist (CASS) Certification or equivalent preferred
Job Type: Full-time