ITility, LLC

  • Information Assurance Validator

    Job Locations: US-MD-Fort Meade
    Posted Date: 2 weeks ago (11/5/2018 12:07 PM)
    Job ID: 2018-1920
    # of Openings: 3
    Category: Information Technology
  • Overview

    ******THIS POSITION IS CONTINGENT UPON CONTRACT AWARD******

    ITility is seeking to hire several Code Reviewers in the Ft. Meade, MD area.

    Responsibilities

    Responsibilities and Daily Tasks:

    • The Code Reviewer shall conduct code reviews on each capability release in accordance with ASD and other applicable STIGs using the government-provided code review process.
    • The Code Reviewer shall identify security vulnerabilities and areas of non-compliance based on DoD Policy, STIGs, and SRGs.
    • The Code Reviewer shall provide collected and analyzed data output of the cybersecurity tools in the open vulnerabilities spreadsheet report and the daily code review report.

    Supported Technologies:

    • Fortify Static Code Analyzer (SCA): This tool scans source code and scripts and generates a binary file that contains the findings, including a mapping to the STIG and the stack trace that caused each finding. Audit Workbench displays the results of the SCA scan, showing the trace and the source code for each finding, and allows the validator to mark each finding as a false finding or a valid vulnerability. Audit Workbench generates reports in PDF or XML format.
    • WebInspect: This tool dynamically scans operational web pages and maps findings to the STIG.
    • Sonar: This tool scans source code and looks for vulnerabilities, bugs and code quality problems. It is used for scanning Java, C+, Groovy, JavaScript, PHP, Python, HTML and XML. Note that Sonar does not find problems across different files, nor does it map problems to the STIG.

    Qualifications

    • Active Secret Clearance
    • At least 5 years of specialized experience in the field of code reviewing
    • Information Assurance Manager (IAM) Level II certification in accordance with DoD 8570.01-M.
    • Able to use vulnerability scanners such as WebInspect or code review tools such as HP Fortify, Sonar, etc.
    • Able to identify security vulnerabilities and areas of non-compliance based on DoD Policy, Security Technical Implementation Guides (STIGs), and Security Requirement Guides (SRGs).
    • Experienced in providing collected and analyzed data output of the cybersecurity tools in the open vulnerabilities spreadsheet report and the daily code review report, while providing all code review results to the Government.
    • Experience using Enterprise Mission Assurance Support Service (eMASS) is preferred.

    ITility is an Equal Opportunity Employer

    ITility is committed to providing a work environment that is non-discriminatory, harassment free, fair, ethical and inclusive.


    ITility is committed to the principle of equal employment opportunity, and complies with all applicable laws which prohibit discrimination and harassment in the workplace. ITility strictly prohibits discrimination or harassment based on race, color, religion, national origin, sex, age, disability or any other characteristic protected by law in all terms, conditions and privileges of employment, including without limitation, recruiting, hiring, assignment, compensation, promotion, discipline and termination. This policy covers conduct occurring at ITility’s offices, client sites, and other locations where ITility is providing services, and applies to all work-related activities.
