Software Security Engineer

Hirekeyz Inc

Job Location:

Washington, AR - USA

Monthly Salary: Not Disclosed
Posted on: 5 hours ago
Vacancies: 1 Vacancy

Job Summary

Role: Software Security Engineer

Location: Remote (Washington DC). Note: some travel to the DC region for occasional meetings will be required.

Duration: 12 Months Contract

Clearance: Active Top Secret Clearance

Task Description:

  • Takes proactive measures to monitor and protect a company's systems.
  • Performs code review to improve software security.
  • Tests and screens security software and systems.
  • Fixes possible causes of security breaches and recommends how the level of security could be improved.
  • Implements security-related tools and applications.
  • Informs team members about secure coding practices.
  • Provides designs for software solutions to help mitigate security vulnerabilities.
  • Maintains technical documentation.

Required skills/Level of Experience:

The ideal candidate will provide hands-on support across the system lifecycle, including identifying vulnerabilities and compliance gaps, recommending mitigations, supporting remediation, and maintaining the documentation required to achieve and sustain Authorization to Operate (ATO). This position works closely with ISSOs, ISSMs, system owners, and technical teams to support ongoing compliance and continuous monitoring.

Key Responsibilities:

  • Provide ISSE support for the Authorization and Accreditation of FTS applications and systems.
  • Perform technical security assessments to identify vulnerabilities, weaknesses, and non-compliance with Information Assurance (IA) standards and regulations.
  • Recommend mitigation strategies and support remediation of identified security risks and control gaps.
  • Manage or contribute to eMASS packages in coordination with ISSOs to obtain, maintain, and renew ATO.
  • Create, maintain, and update accreditation documentation required for full ATO submission.
  • Develop and maintain System Security Plans (SSPs) and related authorization artifacts.
  • Address security controls, respond to stakeholder questions, and track deficiencies through the POA&M process.
  • Update ATO documentation to support ongoing compliance and continuous monitoring.
  • Conduct periodic reviews to ensure compliance with the SSP, internal policies, and regulatory requirements.
  • Ensure systems are operated, maintained, and disposed of in accordance with approved security plans and practices.
  • Verify users have the required clearances, authorization, and need-to-know before granting access to FTS applications.
  • Report security incidents to the ISSM and support corrective actions when vulnerabilities or incidents are identified.
  • Ensure Configuration Management (CM) for security-related software, hardware, and firmware is maintained and documented.
  • Support audit readiness and other compliance activities throughout the system lifecycle.

Required Qualifications:

  • Bachelor's degree in Cybersecurity, Computer Science, Information Systems, Engineering, or related field; equivalent experience may be considered.
  • 3-5 years of experience in cybersecurity, ISSE, Information Assurance, or related security roles.
  • Experience supporting Authorization and Accreditation (A&A) for applications and systems in regulated environments.
  • Strong knowledge of RMF, A&A, and ATO processes.
  • Hands-on experience with eMASS, SSP development, POA&M management, and accreditation package preparation.
  • Experience performing technical security assessments and identifying vulnerabilities, security weaknesses, and compliance gaps.
  • Knowledge of NIST, FISMA, and applicable IA/cybersecurity compliance requirements.
  • Experience recommending mitigation strategies and supporting remediation through closure.
  • Familiarity with continuous monitoring, compliance reviews, and lifecycle security documentation.
  • Experience maintaining documented configuration management practices for security-related software, hardware, and firmware.
  • Strong written and verbal communication skills, including technical and accreditation documentation.
  • Ability to work effectively with ISSOs, ISSMs, system owners, and cross-functional technical teams.

Nice to have skills:

  • Experience supporting federal or other highly regulated systems and environments.
  • Familiarity with NIST SP 800-53 security controls and related assessment processes.
  • Relevant security certifications such as CISSP, CAP, CASP+, Security+, or CISM.
  • Experience with incident reporting, corrective action planning, and audit support.
  • Active security clearance or eligibility to obtain one if required.

Clearance:

  • Active Top Secret Clearance

Key Skills

  • Splunk
  • IDS
  • Network security
  • Computer Networking
  • Identity & Access Management
  • PKI
  • PCI
  • NIST Standards
  • Security System Experience
  • Information Security
  • Encryption
  • SIEM