Perform software security assessments in support of client cybersecurity efforts. Perform activities, including assessment planning, analysis, and reporting. Select, configure, and operate applicable tools, including static analysis and dynamic analysis together with supporting processes. Provide software security results in the context of broader cybersecurity efforts, including the Risk Management Framework (RMF). Provide guidance to colleagues and clients on software security life cycle best practices. Work independently with some guidance and review or guide activities of junior employees, if needed. This position is located in Los Angeles, CA.
- Experience as a software security tester or analyst
- Knowledge of secure coding standards, software and cybersecurity best practices, and software development life cycle models
- Ability to review software source code against secure coding standards
- Ability to configure tools for software analysis and develop scripts and tools for software analysis
- Ability to research and provide recommendations on software assurance best practices
- Ability to obtain a security clearance
- BA or BS degree in CS
- Experience with a variety of software security testing techniques, including static analysis, dynamic analysis, or penetration testing
- Knowledge of DoD software security standards, including the Application Security and Development (ASD) Security Technical Implementation Guide (STIG)
- Knowledge of industry software security standards or guidelines, including the Open Web Application Security Project (OWASP), Building Security In Maturity Model (BSIMM), CERT Secure Coding Guidelines, and Microsoft Security Development Lifecycle
- Ability to adapt to shifting client needs and priorities
- Active Secret clearance
Data Privacy For more information on how Booz Allen uses your information, please see our .