Leidos is currently seeking a Software Assurance (SwA) Engineer to ensure security is addressed holistically and systematically throughout the Software Development Life Cycle (SDLC). SwA provides the level of confidence that software functions as intended and is free of vulnerabilities, either intentionally or unintentionally designed or inserted as part of the software, throughout the SDLC. This position can be based out of any of our three locations: Alexandria, VA; Fort Meade, MD; or Chambersburg. The position is primarily on-site, but partial telework may be available at the discretion of our customer and program management.
Primary Responsibilities:
- Develop and maintain a SwA SOP outlining software discovery and diagnostic processes throughout the SDLC.
- Perform static code analysis, dynamic code analysis, spidering, software penetration testing, database vulnerability assessment, web service testing, mobile application testing, web and mobile discovery scanning, fuzzing, and reverse engineering of software.
- Document customer requirements and produce Software Assurance Plans (SwAP), including System Under Test (SUT), mission timelines, Rules of Engagement (ROE), communication plan, scope, testing plan, purpose, intended outcome, system diagrams, and a survey of Software Assurance Maturity Model (SAMM) level.
- Complete timely SwA assessments on any public-facing software application, as well as all internal-facing web applications, based on the SwARM Assessment Schedule, including static code analysis, dynamic code analysis, spidering, software penetration testing, and database vulnerability assessment.
- Perform SwA testing, to include web service testing, mobile application testing, web and mobile discovery scanning, fuzzing, and reverse engineering of software, and generate corresponding SwA technical reports.
- Validate that SwA controls are implemented in RMF packages within eMASS.
- Use the Common Weakness Scoring System (CWSS) to score software vulnerabilities.
- Provide rapid assessment capabilities at the Government's request, generating Rapid Assessment Reports (RARs).
- Validate remediation efforts, upload Final SwARM Assessment Reports into eMASS and TLR, and track unresolved issues for POA&M development.
- Ensure final reports highlight critical security risks, threats, and failures, recommending mitigation actions.
- Conduct in-depth assessments as needed and generate In-Depth Assessment Reports.
Basic Qualifications:
- Bachelor's degree (IT-related field preferred) and five (5) years of Software Assurance (SwA), application security, vulnerability assessment, or penetration testing experience. Additional relevant experience may be considered in lieu of a degree.
- Active DoD Top Secret clearance with SCI eligibility required.
- DoD 8570 IAM II or IAT II certification
- Proficiency in static and dynamic code analysis, penetration testing, database vulnerability assessments, and software security reviews.
- Demonstrable experience with software security testing tools such as Burp Suite, Checkmarx, Qmulos, ACAS, and Axonius.
- Knowledge of Common Weakness Scoring System (CWSS) for vulnerability assessment
- Demonstrable experience with reverse engineering, fuzzing, and spidering for security evaluations.
- Strong analytical, problem-solving, and communication skills, including the ability to communicate and coordinate across multiple internal functional areas and with government contacts at various levels.
- Detail-oriented with excellent documentation and reporting abilities
Original Posting:
July 8, 2025
For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days, with an anticipated close date of no earlier than 3 days after the original posting date as listed above.
Pay Range:
Pay Range $67,600.00 - $122,200.00
The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.