The Leidos Homeland Security Solutions Operation within Leidos' Civil Group is seeking talented, patriotic, and motivated U.S. Citizens for an important national security project with the DHS Transportation Security Administration (TSA). The project involves screening, vetting, and credentialing of people who are then granted access and privileges associated with sensitive areas and functions. Some of these populations, such as maritime port workers, alien flight schools, and hazardous materials drivers, were identified as sensitive following 9-11 and the passage of the Patriot Act. Though still related to security, programs for other populations, such as TSA Pre-Check, also facilitate smooth travel. In all cases, these critical functions must continue transparently to the populations involved, while evolving to accommodate growth and enhanced functionality. Since many of these functions evolved independently, there is an opportunity to consolidate and streamline common functions, thus enhancing reliability and reducing costs. By moving to a person-centric data model, TSA will also improve data integrity and services to the individuals in the populations involved.
The project environment will be complex and challenging. It involves sustaining current functions and evolving functionality while merging 3 different technology stacks and associated development environments. In addition, the supporting data center infrastructure exists in two places, Colorado Springs, CO, and Annapolis Junction, MD, and involves teamwork in a distributed environment. For ambitious technologists, the project presents a professional growth opportunity with the satisfaction of contributing to a critical national interest program that both secures and enhances our lives.
This career opportunity is for an Application Security Specialist. The work location is a customer facility in Annapolis Junction, MD, or in a Company facility nearby. The successful Application Security Specialist shall:
• Analyze systems and applications, and recommend and develop security measures to protect applications and associated information against unauthorized modification or loss.
• Create and maintain the infrastructure to enforce secure application development practices, including continuous integration, automated builds & deployment, and automated end-to-end testing.
• Identify, mature and maintain security procedures and tools.
• Perform security vulnerability assessments.
• Investigate and resolve security violations by providing postmortem analysis to illuminate the issue, and identify causes, possible solutions, and preventative measures.
• Act as liaison with other stakeholders, such as data/service providers, infrastructure admins, software developers, and FOSS/COTS vendors.
• Distribute application development guidance and coding standards to enforce secure application development. In conjunction with the Security Engineer, provide instruction and coaching to the development teams where needed, and institute corrective actions and guidance changes as warranted by the changing threat landscape.
• Bachelor's Degree in Computer Science or equivalent degree in Engineering, science or related technical field.
• Over seven years of experience on complex technical projects, including work on highly available, national security systems.
• Subject matter expertise in the following areas:
o Deployment and configuration of security scanning tools
o Performing manual static and dynamic analysis
o Conducting security code reviews, security architecture reviews, security design reviews, and threat modeling activities
o Applying NIST 800-53 Revision 4 security controls, especially those related to web applications and web services security
o Web application/web services security best practices
o Remediation of security vulnerabilities based on industry best practices
o Investigation of potential security threats
o Automation of security scanning within continuous integration/continuous delivery (CI/CD) pipelines
o Securing container application platforms and Platform as a Service (PaaS) deployments
• Hands-on, working knowledge of the following products:
o Soap UI
o IBM AppScan (Standard/Enterprise/Source)
o Portswigger BurpSuite
• Demonstrated ability to produce high-quality, professional documentation.
• Ability to obtain a Public Trust suitability determination.
• Ability to obtain a Secret Clearance.
• U.S. Citizenship.
Additional skills and experience that are "nice to have" but not required:
• Experience doing development for the TSA and/or another agency within the Department of Homeland Security.
• Ability to obtain a Top Secret Clearance.