• Code Reviewer

    Job Locations: US-VA-Tysons Corner
    # of Openings: 2
    Category: Information Technology
    Agency/Project: IRS
    Job ID: 2018-2699
  • Overview

    OBXtek Inc. is an established award-winning business providing information technology and professional management services to the federal government. OBXtek is a leader in its field and is committed to identifying, developing, and delivering innovative, mission-focused technical and logistical solutions to over 15 civilian and military partners in the Federal Government.


    As a prime contractor for 93% of our current work, we possess a robust corporate infrastructure that provides management oversight and support for all our programs. OBXtek pairs lessons learned across disciplines with industry standard quality practices such as CMMI-Dev Level III, ITIL, 6Sigma, PMI, and ISO to create processes that leverage best practices and result in novel, successful solutions.

    Responsibilities

    OBXtek is seeking an experienced Code Reviewer to support an IRS Penetration Testing and Application Security Testing project. OBXtek provides IRS support for Penetration Testing, DAST and SAST: ensuring that the Threat Simulation Environment (TSE) is securely configured and operational, analyzing findings, creating actionable findings reports, assisting stakeholders in understanding and remediating findings, documenting processes, and enabling DAST and SAST for DevSecOps.


    The Code Reviewer will be part of a multi-functional team. Responsibilities include, but are not limited to:


    • Review, analyze, and assist in prioritizing findings; develop actionable reports for the business unit and IT project teams responsible for mitigating vulnerabilities.
    • Develop and document a repeatable process for reviewing, analyzing, and assisting in prioritizing findings and for developing actionable reports.
    • Support IRS in the execution of network/operating system and database vulnerability scans.
    • Operate and maintain the Enterprise Static Application Security Testing (SAST) software (currently AppScan Source).
    • Assist business unit and IT project teams in understanding scan output.
    • Assist application development teams in understanding how to leverage scanning tools during the development process to help them meet NIST 800-53 SA-11 security requirements in rapid development and DevOps environments.
    • Build and document repeatable processes for integrating the scanning tools into the rapid development process.


    Qualifications

    Requirements:

    • Technical competence in performing security code analysis using tools like AppScan Source
    • Technical competence in application development (Java, .NET, C, C++, …)
    • Technical competence in development frameworks (Struts, Spring and JSF)
    • Technical competence in configuring, managing and supporting tools like AppScan Source and AppScan Enterprise
    • Technical competence in application security
    • Application build process & tools
    • Knowledge of tools including AppScan Source, SonarQube and the OWASP Dependency Checker to identify vulnerabilities
    • Understanding of application security methodologies and processes mandated by the IRM
    • NIST 800-53 SA-11 Developer Security Testing Requirements
    • Applies current principles and techniques to complete testing, quality assurance review and evaluation of new and existing software products.

    • Experience using appropriate Vulnerability Testing tools, examples in NIST 800-115, specifically AppScan Source, SonarQube and the OWASP Dependency Checker
    • Vulnerability Testing (skills and methodology). Experience integrating SAST tools into development environments to enable build automation and DevSecOps
    • Expertise providing knowledge transfer and assistance to developers for use of scanning tools throughout development, including AppScan Source install,
    • Knowledge of Application build process & tools
    • May perform work on any system in the IRS or any system operated on behalf of the IRS.

    • Travel less than 10%
    • Bachelor’s degree in related technical field.
    • CISSP or related certification desired
    • Pass Public Trust clearance
    • Current Treasury PIV highly preferred
