Principal Software Security Engineer (Principal Cyber Security Analyst)

North Las Vegas, NV, United States

Nevada National Security Sites

Mission Support and Test Services, LLC (MSTS) manages and operates the Nevada National Security Site (NNSS) for the U.S. National Nuclear Security Administration (NNSA).  Our MISSION is to help ensure the security of the United States and its allies by providing high-hazard experimentation and incident response capabilities through operations, engineering, education, field, and integration services and by acting as environmental stewards to the Site’s Cold War legacy.  Our VISION is to be the user site of choice for large-scale, high-hazard, national security experimentation, with premier facilities and capabilities below ground, on the ground, and in the air. (See NNSS.gov for our unique capabilities.) Our 2,750+ professional, craft, and support employees are called upon to innovate, collaborate, and deliver on some of the more difficult nuclear security challenges facing the world today.   

  • MSTS offers our full-time employees highly competitive salaries and benefits packages including medical, dental, and vision; both a pension and a 401k; paid time off and 96 hours of paid holidays; relocation (if located more than 75 miles from work location); tuition assistance and reimbursement; and more.  
  • MSTS is a limited liability company consisting of Honeywell International Inc. (Honeywell), Jacobs Engineering Group Inc. (Jacobs), and HII Nuclear Inc.

MSTS is seeking a highly experienced cybersecurity professional for a Principal Software Security Engineer position. This individual will be responsible for leading the testing, implementation, operation, and maintenance of secure software solutions, ensuring the confidentiality, integrity, and availability of sensitive data.

Key Responsibilities

  • Implement, test, and operate advanced software security in compliance with federal security requirements.
  • Perform on-going security testing and code review to improve software security. 
  • Provide engineering designs for new software applications to help mitigate security vulnerabilities. 
  • Automate application scanning and vulnerability assessment processes to support CI/CD releases. 
  • Validate identified security issues within applications and recommend fixes. 
  • Train team members on secure coding practices. 
  • Maintain technical documentation. 
  • Assist in researching, compiling, and analyzing technical data. 
  • Perform Security Test and Evaluations of information systems in support of a security plan. 
  • Write complex information system plans (ISSPs) for classified and unclassified systems.
  • Complete certification and accreditation of information systems on unclassified and classified networks, assist with the completion and mitigation of security testing and evaluation results, and be a resource for MSTS and other NvE enterprises for the C&A process. 
  • Review purchase requests for technology items and provide input to senior level Cyber Security staff regarding the risks associated with purchases. 
  • Assist the ISSM and ISSOs with the execution of their assigned duties, act as a liaison between the ISSM and other ISSOs and provide training to ISSOs about their Cyber Security role. 
  • Review current Cyber Security threat information and assist the Threat Evaluation team with mitigating vulnerabilities identified. 
  • Assist with data calls, FISMA reporting, compliance scanning and reporting, continuous monitoring and compiling reports for auditors. 
  • Provide training in Cyber Security to non-technical and technical individuals. 
  • Participate in business development by defining customer needs, developing proposals and planning projects that will produce results meeting customer needs. 
  • Develop standards, practices, and procedures as well as an increasing technical knowledge to solve problems and complete projects. 
  • Use established standards, practices, and procedures as well as an increasing technical knowledge to solve problems and complete projects. 
  • Contribute to an overall productive and respectful work environment by providing excellent customer service and working in a positive, collegial manner. Maintain cooperative and respectful working relationships with Cyber Security staff, other divisions, and customers. 
  • Bachelor’s degree or equivalent training and experience in a computer-related field and at least 8 years of related experience. 
  • Detailed technical knowledge of techniques, standards, and state-of-the-art capabilities for authentication and authorization, applied cryptography, security vulnerabilities and remediation. 
  • Adequate knowledge of web related technologies (web applications, web services and services-oriented architectures) and of network/web related protocols. 
  • Strong understanding of secure web application design principles and frameworks such as OWASP. 
  • Experience with development security scanning tools such as static and dynamic analysis.
  • Experience with containerization security practices. 
  • Experience with scripting or code development using the following languages: C#, Node.js, Java, jQuery, .Net, ASP.NET, Cold Fusion, SQL, PHP, and HTML. 
  • Experience working with developers and development groups. 
  • Experience in code review process. 
  • Experience with SCA (Software Composition Analysis) tools. 
  • Experience in Open-Source component review and Software Bill of Materials (BOM). 
  • Have command of a broad range of the most advanced Cyber Security principles, protocols, concepts, and theories in a wide range of disciplines. 
  • Ability to integrate work of specialized personnel to produce the desired results. 
  • Knowledge of network-based services and client/server applications, familiarity with intrusion detection systems, familiarity with network architecture and security infrastructure placement. 
  • Ability to analyze network traffic, identify misconfigurations of information systems and networks, troubleshoot security appliances, independently identify network and host security vulnerabilities.
  • Understand the Windows operating system and command line tools, network protocols, and TCP/IP fundamentals. 
  • Ability to maintain strict confidentiality. 
  • Ability to communicate effectively in English, verbally and in writing, sufficient to communicate with co-workers, customers, testify, write clear and concise reports, and collect information. 
  • Ability to use multiple electronic devices including standard office machines, cellular phones, and security appliances. 
  • Ability to articulate highly technical processes and information to a non-technical audience.
  • Ability to meet the physical requirements necessary to safely and effectively perform all assigned duties.
  • Ability to pass a federal background check and obtain a “Q” Clearance. 
  • The primary work location will be at the Losee Road Facility, located in North Las Vegas, Nevada.
  • Work schedule will be 4/10's, Monday through Thursday (subject to change).
  • Pre-placement physical examination, which includes a drug screen, is required. MSTS maintains a substance abuse policy that includes random drug testing. 
  • Must possess a valid driver's license. 

Preferred Additional Qualifications: 

  • GIAC Certified Web Application Defender (GWEB)
  • GIAC Web Application Penetration Tester (GWAPT)
  • GIAC Python Web Coder (GPYC)
  • GIAC Security Essentials (GSEC)
  • Certified Information Systems Security Professional (CISSP) 

 

MSTS is required by DOE directive to conduct a pre-employment drug test and background review that includes checks of personal references, credit, law enforcement records, and employment/education verifications. Applicants offered employment with MSTS are also subject to a federal background investigation to meet the requirements for access to classified information or matter if the duties of the position require a DOE security clearance. Substance abuse or illegal drug use, falsification of information, criminal activity, serious misconduct or other indicators of untrustworthiness can cause a clearance to be denied or terminated by DOE, resulting in the inability to perform the duties assigned and subsequent termination of employment. In addition, Applicants for employment must be able to obtain and maintain a DOE Q-level security clearance, which requires U.S. citizenship, at least 18 years of age. Reference DOE Order 472.2, “Personnel Security”. If you hold more than one citizenship (i.e., of the U.S. and another country), your ability to obtain a security clearance may be impacted.

Department of Energy Q Clearance (position will be cleared to this level). Reviews and tests for the absence of any illegal drug as defined in 10 CFR Part 707.4, “Workplace Substance Abuse Programs at DOE Sites,” will be conducted.  Applicant selected will be subject to a Federal background investigation, required to participate in subsequent reinvestigations, and must meet the eligibility requirements for access to classified matter. Successful completion of a counterintelligence evaluation, which may include a counterintelligence-scope polygraph examination, may also be required. Reference 10 CFR Part 709, “Counterintelligence Evaluation Program.”

  

MSTS is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, national origin, disability, veteran status or other characteristics protected by law. MSTS is a background screening, drug-free workplace.

Annual salary range for this position is: $116,001.60 - $176,904.00.

Starting salary is determined based on the position's market value, the individual candidate's education and experience, and internal equity.

Tags: ASP.NET C CI/CD CISSP Clearance Compliance Cryptography FISMA GIAC GSEC GWAPT Incident response Intrusion detection Java Monitoring Node.js Nuclear OWASP PHP Polygraph Python SBOM Scripting Security Clearance SQL TCP/IP Vulnerabilities Windows

Perks/benefits: 401(k) matching Career development Competitive pay Equity / stock options Health care Relocation support

Region: North America
Country: United States
