Software Engineer

Marvel Technologies Inc - Tarrytown, NY (30+ days ago)


Job Description: - PowerShell Engineers with STIG/DIACAP experience

Location: Newyork

Duration: 6 Months
Background
Source code management (SCM) & DevOps team (Infrastructure Team) manages the entire continuous integration, continues development chain process of a global Engineering conglomerate.
The application is developed using Microsoft technology C#, C++, WPF, MVVM and customs control on a Windows-7 platform. The backbone of the entire SCM is Microsoft TFS while the packaging strategy is utilizing MSI and WIX. The current build management is driven by customized XMAL with PowerShell usage. Now the plans are to move to VNEXT that provides flexibility as an orchestrator and allows better reporting, triggering and logging facility.
The Goal of this team is to make the build environment to be in compliant with DIACAP (DoD Information Assurance Certification and Accreditation) process
Keywords: - STIG, PowerShell, MSI, Windows Imaging WIX, TFS
Expectations – The team is looking out for Engineers who can augment the current team and support on following tasks
This means the identified engineer needs experience in DIACAP / STIG process (not knowledge) on how the system could be transformed to be DIACAP compliant system.
  • Experienced in the Security Technical Implementation Guide (STIG) that provides security guidance for .NET deployments in workstations or servers and focuses on the secure configuration of the .NET Common Language Runtime (CLR).
  • Experience in PowerShell is MUST. Should be able to resolve and fix the issues identified in STIG scans.
  • Experience in MSBuild using WIX is desirable.
  • Identify loopholes and open items as part of IIS 7.0 Web Server to ensure that the IIS 7.0 becomes STIG compliant and thus related request handling and filtering are done in control manner and encryption is applied for protocols or data exchange for HTTP, FTP or telnet and more of such tasks etc.
  • Ensuring the basic need of McAfee VirusScan 8.8 Managed Client STIG that highly suggests having antivirus to be monitoring 24*7 along with no possibility of stoppage of such services and availability of antivirus signed files almost every day
  • Ensure security enablement in Microsoft Internet Explorer 11 client used on Windows-7 workstations like script execution, popup restrictions as needed and stoppage of unsigned ACTIVEX controls
  • Experience in interpreting STIG scans that reflect results on a periodic basis.
  • Experience in working on adding check and controls to build the management system that automates scans ensure STIG compliance.
Soft Skills
  • Good Team Player
  • Good Written and verbal communication skills
  • Customer facing experience would be added advantage