Software Security Engineer
- Role type
Ricardo Defense is seeking five Software Security Engineers to join our team. These Software Security Engineers can be remote however, applicants must live within an hour from one of our offices: Troy, MI, Goleta, CA, California, MD or Huntsville, AL. Employees will be expected to come into the office on an as needed basis.
These Software Security Engineers must be able to identify ways to build security into the software development process and enable developers to adopt those methods with the goal of increasing product security and decreasing development time.
These Software Security Engineers will focus on developing secure software rather than gaining software accreditation. These Software Security Engineers will also be responsible for validating that the created software adheres to NIST STIGs, and Application Development and Security (ADS).
Essential Duties and Responsibilities:
- Illustrate the value of secure coding practices and methods to software developers
- Assisting and confirming secure coding practices are being adopted by developers
- Enable developers to create secure software rather than act as a roadblock to prevent insecure software from entering production
- Employ static code analysis tools and dynamic testing in security analysis
- Incorporate tools and automation to move discovery of defects ‘to the left’
- Identify insecure software deployments not readily apparent through code analysis through applying knowledge of socket usage, networking, encryption, TLS, etc.
- Identify threats, vulnerabilities, and risks for deployed software and prioritize the order in which to address those threats and vulnerabilities
Preference Given To Applicants With The Following Experience:
- Employ existing tools, develop tools when need, and write scripts. Preferred tools include Fortify, SonarQube, SonarLint, OWASP Dependency Checker, OWASP Zap, SkipFish, Jenkins, Bitbucket, Jira, Nessus, OpenVAS, TestComplete/TestExecute, Nmap, Wireshark, Tcpdump. This includes linking tools together for maximum impact
- Have basic skills to capture and create metrics dashboards to identify security trends
- Know the OSI Model and know how to look at security at various layers
- Possess software security certification; such as: CASP+, CEH, CISM, CISSP, OSCP, and/or Security+
- Familiar with DISA STIGs and OWASP Secure Coding Practices
- A bachelor’s degree from an accredited college or university in an applicable field of study
- Minimum of 4 years of software development experience in a developer or security role
- Ability to obtain a Common Access Card, Government Security Clearance and maintain a clearance.
Ricardo Defense offers an impressive compensation and benefits package including:
- Medical, Dental & Vision Benefits
- Company Paid Life and AD&D
- Company Paid Short Term and Long-Term Disability
- Flexible Spending & HSA Accounts
- 401k with Company Match
- Paid holidays, vacation and sick days
Ricardo Defense is a wholly-owned subsidiary of Ricardo Inc. established as a separate limited liability company in 2015 and structured under a Defense Security Service ‘Special Security Agreement’. Ricardo Defense provides engineering, technology, product innovation, sustainment, and field support services for our customers in the defense industry. We are committed to providing outstanding value through quality engineering solutions focused on class-leading product innovation and robust strategic implementation. We are guided by our corporate values of respect, integrity, creativity & innovation and passion. Ricardo, Inc. is the US subsidiary of Ricardo plc. For more information, visit www.ricardo.com.
Ricardo Defense is an Equal Opportunity/Affirmative Action employer. All qualified applicants will be considered without regard to race, color, religion, national origin, sex (including gender identity or gender expression), age, mental or physical disability, creed, ancestry, citizenship, veteran status, marital status, sexual orientation, medical condition, genetic trait or any other characteristic protected by federal, state or local law.