Y-Axis Jobs Logo
Send us feedback
telephone  +91 7670 800 001
Log in Sign up Try Premium
Senior Cyber Capability Developer at The Prospective Group TPG
Clarksburg, West Virginia, USA -
Full Time

Start Date

Immediate

Expiry Date

31 Oct, 25

Salary

0.0

Posted On

31 Jul, 25

Experience

6 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Bitbucket, C, Groovy, Ruby, Security Analysis, C++, Java, Kubernetes, Coverity, Bigfix, Engineering Analysis, Powershell, Sharepoint, Objective C, Clamav, Bash, Perl, Bamboo, Javascript, Python, Scripting Languages

Industry

Information Technology/IT

Description

ACTIVE TOP-SECRET SECURITY CLEARANCE REQUIRED.

The Prospective Group (TPG) is looking for a Senior Cyber Capability Developer to provide continuous security monitoring, software engineering, and software analysis services in support of the Federal Bureau of Investigation’s (FBI) Criminal Justice Information Services (CJIS) Information Assurance Unit (CIAU) Systems and services. The mission of CIAU is to provide value-added services in support of the CJIS mission by assuring the integrity of CJIS information systems and information management processes.
CIAU manages the minimum baseline Information System security controls to ensure that the confidentiality, integrity, and availability of the FBI’s computer systems, networks, and information are maintained and supports the assurance of secure information sharing between the CJIS Division and its customers. This role will serve as a part of CJIS’s Security Assessment Services (CSAS) team. CSAS includes a system that consists of multiple cloud-hosted security tools to enable software, platform, and infrastructure security assessments and monitoring. These tools are critical to enabling the CSAS team and CIAU to perform security assessments and continuous monitoring of CJIS systems and software including identification of software security vulnerabilities; security analysis of source code and open-source software; identification of security misconfigurations; and vulnerability assessment of infrastructure-as-code; and container applications and environments.

Responsibilities:

  • Conduct Security Assessments & Authorizations and continuous security monitoring to ensure ongoing awareness of the confidentiality, integrity, and availability of the CJIS information and CJIS information systems.
  • Conduct comprehensive, formal, independent assessment of the management, operation, and technical security controls of CJIS System to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting FBI security requirements. These assessments serve as a key input into the FBI risk management program and to the continuous monitoring of the security of CJIS systems and services.
  • Utilize an extensive variety of automated vulnerability assessment tools and techniques to continuously accesses security on large and complex variety of operating systems (OS), databases, web applications and services, appliances, network devices, and numerous other applications and devices.
  • Facilitate security monitoring, software engineering, and software analysis services.
  • Assist Information System Security Officers in evaluations of delivered software.
  • Conduct static analysis on source code developed in common programming and scripting languages, including, but not limited to, C, C++, Java, C#, Groovy, Python, Perl, Pup, JavaScript, Ruby, Bash, Powershell, and Objective C, and identifying the presence of any vulnerabilities or potentially malicious logic.
  • Conduct dynamic, manual, and automated binary reverse engineering analysis on developed applications identifying the presence of any vulnerabilities or potentially malicious logic.
  • Provides technical guidance on typical indications of malicious logic and intent for both source code and compiled binary files.
  • Performs manual and automatic assessments of code libraries and cross reference them with industry best practices and OWASP Top 10.
  • Creates frameworks, internal tooling, scripts, and application extensions to support efficient and effective software security analysis processes
  • Perform static and dynamic analysis of known malicious and unknown binary files, reverse engineering of compiled software, functional analysis of source code/scripts, and/or hardware/firmware analysis.
  • Provide technical guidance on secure software development and web development methodologies, techniques, and best practices
  • Assist CJIS stakeholders in identifying and evaluating technical and operational security risks, threats, weaknesses, and vulnerabilities of CJIS information systems and services
  • Provide presentations, briefings, and knowledge transfers as assigned

Qualifications:

  • Experience conducting dynamic, manual, and automated binary reverse engineering analysis to identify vulnerabilities or potentially malicious logic.
  • Experience performing manual and automatic assessments of code libraries and cross referencing them with industry best practices.
  • Experience creating frameworks, internal tooling, scripts, and application extensions to support software security analysis.
  • Experience performing static and dynamic analysis of known malicious and unknown binary files.
  • Experience providing technical guidance on secure software and web development methodologies, techniques, and best practices.
  • Experience with programming and scripting languages including C, C++, Java, C#, Groovy, Python, Perl, Pup, JavaScript, Ruby, Bash, Powershell, and Objective C
  • Experience with toolsets and applications to include:
  • Tenable Security Center
  • Microsoft Defender for Endpoint
  • BigFix
  • OWASP Zap
  • BurpSuite
  • Black Duck
  • Coverity
  • Software Risk Manager
  • Checkov
  • Trivy
  • ClamAV
  • Red Hat Advanced Cluster Security for Kubernetes
  • Jira/Confluence
  • Bitbucket
  • Bamboo
  • SharePoint

.

(Highly) Preferred Qualifications:

  • 6+ year’s of experience
  • COMPTIA Sec+ or equivalent preferred
  • Certified Ethical Hacker (CEH) or equivalent preferred
  • Masters Degree

The Prospective Group (TPG) is an IT management consulting company providing services internationally to government and commercial entities. Being Prospective - leaning forward with action - defines the TPG culture.
Our focus areas include but are not limited to program/project management, cloud computing, software development, cybersecurity, data science/analytics, and diplomatic business support.
T
PG is a women-owned small business (WOSB), appraised at CMMI Level 3 with excellent performance credentials.
The Prospective Group is an Equal Opportunity and Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity or orientation, national origin, disability, or protected veteran status

How To Apply:

Incase you would like to apply to this job directly from the source, please click here

Responsibilities
  • Conduct Security Assessments & Authorizations and continuous security monitoring to ensure ongoing awareness of the confidentiality, integrity, and availability of the CJIS information and CJIS information systems.
  • Conduct comprehensive, formal, independent assessment of the management, operation, and technical security controls of CJIS System to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting FBI security requirements. These assessments serve as a key input into the FBI risk management program and to the continuous monitoring of the security of CJIS systems and services.
  • Utilize an extensive variety of automated vulnerability assessment tools and techniques to continuously accesses security on large and complex variety of operating systems (OS), databases, web applications and services, appliances, network devices, and numerous other applications and devices.
  • Facilitate security monitoring, software engineering, and software analysis services.
  • Assist Information System Security Officers in evaluations of delivered software.
  • Conduct static analysis on source code developed in common programming and scripting languages, including, but not limited to, C, C++, Java, C#, Groovy, Python, Perl, Pup, JavaScript, Ruby, Bash, Powershell, and Objective C, and identifying the presence of any vulnerabilities or potentially malicious logic.
  • Conduct dynamic, manual, and automated binary reverse engineering analysis on developed applications identifying the presence of any vulnerabilities or potentially malicious logic.
  • Provides technical guidance on typical indications of malicious logic and intent for both source code and compiled binary files.
  • Performs manual and automatic assessments of code libraries and cross reference them with industry best practices and OWASP Top 10.
  • Creates frameworks, internal tooling, scripts, and application extensions to support efficient and effective software security analysis processes
  • Perform static and dynamic analysis of known malicious and unknown binary files, reverse engineering of compiled software, functional analysis of source code/scripts, and/or hardware/firmware analysis.
  • Provide technical guidance on secure software development and web development methodologies, techniques, and best practices
  • Assist CJIS stakeholders in identifying and evaluating technical and operational security risks, threats, weaknesses, and vulnerabilities of CJIS information systems and services
  • Provide presentations, briefings, and knowledge transfers as assigne