Senior Cyber Security Engineer

Our client is seeking a well-qualified Senior Cyber Security Engineer to join the Cyber Security Engineering team. The position provides secure software cybersecurity expertise; as well as guiding the secure implementation of databases. The successful candidate is expected to have proven experience implementing secure coding standards, the Defense Information Systems Agency (DISA) Application Security and Development Security Technical Implementation Guide (ASD STIG), database security, Python coding, and experience with the Risk Management Framework (RMF) process and artifact development leading to a successful Authorization to Operate (ATO).  Continuous Integration / Continuous Deployment (CI/CD) pipeline and DevSecOps experience is highly desired; as is the ability to effectively perform in a dynamic, agile development environment.

Job Responsibilities: Perform security analysis of software applications using both automated tooling (static code analysis, software composition analysis, fuzzing) and manual code and design review.

• Support integration of tools and processes into DevSecOps pipelines.
• Design, implement, and integrate improvements to software analysis continuous integration tooling.
• Perform/analyze compliance scans and generate reports (e.g., STIG, SCAP, SCA, vulnerability scans, etc.).
• Support software developers in remediating issues identified during code analysis & support software developers in integrating security into system designs.
• Develop and augment automation through scripting or programming and collaborating w/ teams for security functionality to meet cyber requirements

Required Skillset: 

• Experience with cyber security engineering projects (specifically focused on software security) and programs for U.S. Government clients
• Typically requires a Bachelor's degree in Science, Technology, Engineering or Mathematics (STEM) and 5+ years of engineering experience in cyber security
• Experience with Risk Management Framework (RMF), NIST 800-37, Continuous Monitoring IAW NIST 800-137, Patching IAW NIST 800-40, NIST 800-53 and CNSSI 1253
• Experience identifying, exploiting, and remediating application vulnerabilities.
• Experience with one or more of the following programming languages: C++, Python, JavaScript (or TypeScript), Rust
• Experience with using and configuring static code analysis tooling (e.g. Coverity, Klockwork, SonarQube, etc.)
• Experience with vulnerability discovery using fuzzing (AFL, AFL++, honggfuzz, etc.)
• Required Security Certification in accordance with DoD 8570.01 IASAE-I for a Linux environment (e.g., CASP+ CE and Linux OS Certification)
• Obtaining IASAE-I certification is required to start.

Role location: This position requires work on-site at Aurora/Boulder CO campuses.

Clearance Required: Must be a US Citizen with an active DOD Secret clearance. Top Secret/SCI Clearance is preferred

Hamdan Resources, LLC is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer (EEO/AA), making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. U.S. Citizenship and/or authorization to work within the U.S.is required for most positions.