Software Assurance Program Team Lead - SwARM Team Lead

  • Full-time

Company Description

MUST BE A U.S. CITIZEN

A3T, a fast-growing firm, specializes in Defensive Cyber Security Services, Enterprise Information Technology (IT) Solutions, and Professional Services driven by customer requirements. Our client's customers are the focal point of all decisions and actions. A3T provides customer-centric services and focuses resources to meet operational requirements, exceed expectations, and sustain organizational growth while mitigating risk.

Join A3T and watch your career soar! A3T is a small, agile company looking for incredible talent to support the United States Government in many important national security roles. A3T is looking to bring on an experienced Software Assurance Program Team Lead - SwARM Team Lead with "Next-Level Thinking" who is ready to take their career to a new level with A3T.

Job Description

- Perform and support Software Assurance (SwA) program and missions. 

- Provide the level of confidence that software functions as intended and is free of vulnerabilities, either intentionally or unintentionally designed or inserted as part of the software, throughout the software development life cycle.

- Ensure security is addressed holistically and systematically throughout the Software Development Life Cycle (SDLC).

- Ensure Software Assurance teams provide best-in-class techniques, tools and education to support and increase software security within the Joint Base Pentagon.

- Develop and maintain software assurance processes and practices to discover and diagnose software throughout the Software Development Life Cycle (SDLC).

- Ensure the SwA process includes Security Engineering reviews of the system architecture. Security Engineering goes beyond examining a network diagram and data flows: it requires analyzing the relationships between components and identifying flaws at the architectural level (proactive steps for an organization to design and build secure software by default, providing the guide for incorporating security into projects, applications, business processes, and all information systems).

- Participate in mission meetings required to document the customer requirements and produce a Software Assurance Plan (SwAP) as a deliverable within ten (10) days of the customer's request. The SwAP will include: the System Under Test (SUT), mission timelines, communication plan, scope, testing plan, purpose, intended outcome, a detailed inventory of the organization's software under test, logical system diagrams, and a survey of the organization's Software Assurance Maturity Level (SAMM). If testing on live production systems is required, a Red Team Rules of Engagement (ROE) will be used.

- Provide to the Government a plan to assess all applications within the JSP enclaves annually.

- Complete SwA Assessments within ten (30) days of starting a SwA Assessment on any public-facing (internet-facing only) software application. A SwA Assessment shall at a minimum include the following activities: Static Code Analysis, Dynamic Code Analysis, Spidering, Software Penetration Testing, and Database Vulnerability Assessment.

- Able to support other types of SwA testing to include but not limited to Web Service Testing (such as RESTful API/SOAP), Mobile Application Testing, Web & Mobile Discovery Scanning, fuzzing, and reverse engineering of software.

- Generate a SwA Technical Report (SwATR) within the ten (10) days allocated for the mission. The SwATR shall identify software bugs, flaws, issues, and vulnerabilities, and provide information for understanding and mitigation. At a minimum, the report shall include an executive summary and, for every finding, a detailed technical description, evidence, and recommendations.

- Ensure the SwA Team leverages the Common Weakness Scoring System (CWSS) to score discovered software vulnerabilities. CWSS is part of the Common Weakness Enumeration (CWE) project. SwA Teams utilize the CWSS to grade source code vulnerabilities in baseline application security assessments.

- Provide applicable mapping of CWE controls to RMF software assurance controls.

- Provide a rapid assessment capability to perform ad hoc missions at the request of the government. Rapid assessments will include but are not limited to, Automated and Manual Dynamic Code Analysis, spidering, Software Penetration Testing, and generation of a Rapid Assessment Report (RAR). The Rapid Assessment Report (RAR) will consist of detailed enumerated vulnerability findings, Proof of Concept, applicable required remediation actions, and will be delivered to the Government two (2) days after mission completion.

- Generate a Rapid Assessment Final Report (RAFR) that will summarize the security assessment mission within the Executive Summary, identify the high security risks, threats, and failures found during the mission; and recommended mitigation plan of action addressing overall security issues. The RAFR will be delivered to the Government five (5) days after mission completion.

- Demonstrate expert-level knowledge in planning, directing, and managing projects/operations in an organization similar in size to this acquisition;

- Demonstrate expert-level knowledge and supervision of employees of various labor categories and skills in efforts similar in size and scope to this acquisition;

- Demonstrate expert-level knowledge of Army, DOD, and industry-accepted policies, standards, best practices, and regulations related to Security Engineering;

- Demonstrate strong working knowledge of large, complex IT environments;

- Demonstrate experience in a DOD IT environment;

- Demonstrate experience with researching and fielding new and innovative technology;

- Expert ability to communicate in both oral and written forms, demonstrating an ability to communicate effectively with all levels of staff as well as clients;

- Demonstrate the capability to deliver presentations to senior leaders and in a conference setting;

- Demonstrate expert-level ability to utilize the Open Web Application Security Project (OWASP) testing guide as a baseline for conducting assessments;

- Demonstrate ability to conduct security forums and workshops to discuss Software Security Assurance;

- Demonstrate expert-level ability to conduct static and dynamic analysis on all applications (i.e., manual inspections and review, threat modeling, code review, and penetration testing);

- Demonstrate knowledge of the Common Weakness Scoring System (CWSS) to score discovered software vulnerabilities;

- Demonstrate expert-level knowledge of the Microsoft .NET programming language. Able to understand and manipulate other programming languages such as Python, PHP, Java, classic ASP, C, C#, C++, etc.;

- Demonstrate ability to assess an application's architecture and ensure that security is incorporated into the design of the system;

- Demonstrate ability to generate threat models, mapping the theoretical attack surface for an application and analyzing the impact, likelihood, and prevalence of security flaws.

Qualifications

Education Requirement:

- BS or above with an IT focus, or equivalent combination of education and experience

Years of Experience:

- 10 or more years of IT Security and programming experience, or a Computer Science Bachelor's Degree;
- 5 or more years of IT Security and programming experience in the Army/DOD, or a Computer Science Bachelor's Degree;

Certification Requirements:

- 8570 Compliant for IAT II CND Auditor and possess an approved Computing Environment Certification;
- Shall possess at the time of award, and retain, GIAC Web Application Penetration Tester (GWAPT) and GIAC Secure Software Programmer (GSSP) certifications;
- Shall possess at the time of award, and retain, Certified Ethical Hacking (CEH).

Clearance Requirements:

Top Secret clearance and DIA adjudicated SCI eligible

Additional Information

Agil3Tech (A3T) offers a competitive benefits package to include: paid holidays, paid time off, medical, dental, vision, company paid long and short term disability and life insurance, referral bonuses, certification reimbursement program, etc.

It is the policy of A3T to provide equal opportunity in recruiting, hiring, training, and promoting individuals in all job categories without regard to race, color, religion, national origin, gender, age, disability, genetic information, veteran status, sexual orientation, gender identity, or any other protected class or category as may be defined by federal, state, or local laws or regulations.

We maintain a drug-free workplace and perform pre-employment substance abuse testing to include background checks.

All your information will be kept confidential according to EEO guidelines.

eVerify Employer