Cyber Command Software Security Assurance Project Manager 3

Position Title: Cyber Command Software Security Assurance Project Manager 3

Location: 100% Remote (Monday to Friday 9Am to 5Pm

Job Type: Contract

Duration: 12 Months

Work Schedule: Normal business hours Monday-Friday 35 hours/week (not including mandatory unpaid meal break after 6 hours of work).

Pay Rate: $80 to $90 per hour

Job Description/Justification:

SCOPE OF SERVICES

We are looking for Software Security Assurance Project Manager to support the adoption of secure-by-design practices in software development lifecycle through our Software Security Assurance Program (SSAP).

TASKS:

• Perform application security services including risk assessments, architecture reviews, and code review for internal and third-party applications
• Coordinate with developers, project teams, and third-party vendors to assess and guide secure software development and integration
• Provide consultative guidance during design, development, and deployment phase of new solutions
• Review threat models, validate security controls, and ensure alignment with security policies
• Review and interpret security testing reports and vulnerability findings, and assist with risk remediation strategies
• Contribute improvements in existing AppSec process, workflows, and documentation
• Participate in defining and expanding secure software development lifecycle practices across the organization
• Support the development and refinement of policy and governance documents related to software security
• Track and report on security metrics, status of findings, and overall risk trends
• Support management of tools, resources, and schedules for security testing

MANDATORY SKILLS/EXPERIENCE

Note: Candidates who do not have the mandatory skills will not be considered

• At least 8 years of hands-on experience in application security, secure software development, or security consulting
• Experience conducting security reviews (code, design threat modeling, architecture) for modern applications (web, mobile, cloud-native)
• Strong knowledge of secure development practices, OWASP Top 10, and relevant standards
• Ability to communicate technical risks and recommendations clearly to technical and non-technical audiences
• Familiarity with tools used in code analysis, vulnerability scanning, and security testing
• Experience working cross-functionally with developers, engineers, and product teams

  DESIRABLE SKILLS/EXPERIENCE:

• Experience working within or alongside DevOps/CI-CD environments
• Familiarity with container security, API security, and cloud-native application architectures (AWS, Azure, GCP)
• Experience supporting security governance or policy development
• Experience with risk exception processes or helping define security risk tolerances
• Experience in large, complex organizations or government/public sector environments
• Experience with third-party risk assessments, vendor management, or SaaS reviews