Overview:
Quantum Research International, Inc. (Quantum) is a certified DoD Contractor providing services and products to US/Alliedgovernments and industry in the following main areas: (1) Cybersecurity, High Performance Computing Systems, Cloud Services and Systems; (2) Space and Ground Support Systems; (3) Aviation Systems; (4) Missile Systems; (5) Artificial Intelligence/ Machine Learning Systems and Experimentation/Training; and (6) Audio Visual Systems and Services. Quantum's Corporate Office is in Huntsville, AL, but Quantum actively hires for positions nationwide and internationally. We pride ourselves on providing high quality support to the U.S. Government and our Nation's Warfighters. In addition to our corporate office, we have physical locations in Aberdeen; MD; Colorado Springs, CO; Orlando, FL; Crestview, FL; and Tupelo, MS.

Mission:

As a member of the NGA DEFENDER Cybersecurity Software Assurance team, the contractor helps to determine the risk of using commercial, government, and open-source software within NGA and employs software code analysis techniques to mitigate risk during Software Development Life Cycles (SDLC). The Secure Software Assessor analyzes the security of new or existing computer applications, software, or specialized utility programs on or preparing to deploy on NGA systems and provides actionable results. This position is available immediately and supports the National Geospatial-Intelligence Agency (NGA) onsite at NGA headquarters in Springfield, VA.

Responsibilities:

Secure Software Assessor (Advanced) shall assist the customer analyze scanned code to developers for remediation of findings and facilitates the coordination of static code analysis tool deployment within NGA development environments. The contractor applies the automated enterprise NGA Software Assurance Process (SWAP) process for submission and adjudication of NGA software requests. The contractor also supports NGA Test Organization (NTO) Security Assurance activities leading to a Certificate-to-Field (CtF). Specific responsibilities include:

• Apply coding and testing standards, apply security testing tools including "'fuzzing" static-analysis code scanning tools, and conduct code reviews.
• Capture security controls used during the requirements phase to integrate security within the process, to identify key security objectives, and to maximize software security while minimizing disruption to plans and schedules.
• Consult with engineering staff to evaluate interface between hardware and software.
• Evaluate factors such as reporting formats required, cost constraints, and need for security restrictions to determine hardware configuration.
• Identify basic common coding flaws at a high level, identify security implications, and apply methodologies within centralized and decentralized environments across the enterprise's computer systems in software development.
• Identify security issues around steady state operation and management of software and incorporate security measures that must be taken when a product reaches its end of life.
• Translate security requirements into application design elements including documenting the elements of the software attack surfaces, conducting threat modeling, and defining any specific security criteria.
• Analyze security needs and software requirements to determine feasibility of design within time and cost constraints and security mandates.
• Conduct trial runs of programs and software applications to ensure that the desired information is produced, and instructions and security levels are correct.

Requirements:

• Bachelor's degree in Computer Science or Information Systems or other STEM technically relevant degree. In lieu of degree, CISSP-ISSEP may be accepted in conjunction with relevant experience.
• Experience with Computer Network Defense (CND) Intelligence Analysis, Assessments, and/or Open-Source Research.
• Knowledge of Government standards for data security such as markings, handling of classified and unclassified information, and how to handle the distribution of this information.
• Knowledge of computer networking concepts and protocols, and network security methodologies, as well as risk management processes (e.g., methods for assessing and mitigating risk).
• Understands complex data structures, computer programming principles, and cybersecurity and privacy principles and methods that apply to software development.
• Works with low-level computer languages (e.g., assembly languages), programming language structures and logic and operating systems.
• Identifies system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
• Experience with software debugging principles, software design tools, methods, and techniques, and software development models (e.g., Waterfall Model, Spiral Model).
• Knowledge of web services (e.g., service-oriented architecture, Simple Object Access Protocol, and web service description language).
• Understands how to interpret and compile computer languages, secure coding techniques, and software related information technology (IT) security principles and methods (e.g., modularization, layering, abstraction, data hiding, simplicity/minimization).
• Familiar with secure software deployment methodologies, tools, and practices.
• Clearance: TS/SCI eligible, subject to CI Polygraph.
• IAM or IAT Level 3 certifications

Desired/Preferred Skills

• Analyze target communication networks and essential network data (e.g., router configuration, files, routing protocols).
• Apply various analytical methods, tools, and techniques (e.g., competing hypotheses; chain of reasoning; scenario methods; denial and deception detection; high impact-low probability; network/association or link analysis; Bayesian, Delphi, and Pattern analyses).
• Conduct vulnerability scans and recognize vulnerabilities in security systems, and design countermeasures to identified security risks.
• Develop and apply security system access controls, and discern the protection needs (i.e., security controls) of information systems and networks.
• Integrate black box security testing tools into quality assurance process of software releases.
• Design secure test plans (e. g. unit, integration, system, acceptance), and use code analysis tools.
• Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.

Equal Opportunity Employer/Affirmative Action Employer M/F/D/V: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability, veteran status, genetic information, sexual orientation, gender identity, or any other characteristic protected by law. *Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.