Support the VA Software Assurance Program, an agency-wide ongoing program that works towards continuously improving the security of the VA enterprise applications. Review developer-performed Static Application Security Testing (SAST) scans of custom-developed application source code for correctness and completeness against VA Standard Operating Procedures (SOP). Support the development of application-level threat models as part of ongoing secure design review activities. Provide instructor-led training on the use of SAST tools, including the development of custom rulepacks to tailor scans to system development team solution stacks. Support the VA Software Assurance Program manager responsible for the ongoing program, including all ongoing efforts to assist VA application developers with building security into their applications during their initial development and ongoing maintenance.
· Modifies and maintains existing programs and procedures. May be required to create procedural forms and documentation, including flow charts and system documentation. May lead a small team of programmers on a project.
· Experience in working with software security, the software development life cycle, and DevOps.
· Experience in conducting secure code reviews using commercial SAST tools, such as Micro Focus Fortify Static Code Analyzer (SCA), HCL AppScan Source, and Checkmarx CxSAST.
· Experience developing application-level threat models using tools such as Microsoft Threat Modeling Tool.
· Experience in application security vulnerability management tools such as Denim ThreadFix.
· Bachelor's Degree in Computer Science, Engineering, Math, or equivalent
· 4 years of experience
The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified. All personnel may be required to perform duties outside of their normal responsibilities from time to time, as needed.
Job Types: Full-time, Contract