Elite Technical is seeking two (2) Security Software Developers, with in-depth knowledge of Java technologies, in order to achieve maximum application, data and network security within the applications development team. Our customer is a Federal Healthcare Insurance organization based in Washington DC (this position is 100% remote due to COVID 19 but will return to DC office in Mid/Late 2021). We are seeking a Security SW Developer to identify code vulnerabilities, then perform standard Query Parametrization/Reporting to ensure the source code within their applications development team is secured, and report/eliminate any threats to the environment. Some responsibilities include:

- Provide subject matter expertise on secure coding practices and security design based on current knowledge of security threats and vulnerabilities that could impact the technology stack
- Support definition of Secure SDLC standard to include security architecture, design and coding requirements for infrastructure, application, and data to align with application security maturity model and adopt a shift-left approach for security.
- Evaluate various application security tools including SAST, DAST, SCA, IAST, and Pen Testing and operationalize security tools for integration with CI/CD.
- Explains and interprets the vulnerability report items to development staff
- Perform application testing and review security test results from scans and penetration testing to identify viable vulnerabilities that may be exploited and propose remediation solutions or mitigation controls.
- Develop security controls and processes for products and services developed and deployed for both on-prem and cloud environments.
- Perform threat modeling, conduct security architecture reviews, and provide training to architects and developers to enhance adoption of secure coding practice within the product development lifecycle.

Our client is an exceptional organization servicing the Federal Marketplace offering Health Insurance. They are experiencing exceptional growth and have a track record of integrating professionals into the organization and providing opportunities for learning, career growth and advancement.

Please contact Elite Technical immediately to learn more about this long term contract opportunity!

Required Skills

- This position requires a bachelors degree in Cyber Security, Information Technology or Computer Science
-Minimum of five (6) years of Application Security experience,
-Strong Java framework understanding is required (Java 8, Java EE (.EAR/.JAR) experience, Struts, Spring etc..)
-Secure Code Review (Input Validation, Query Parametrization, Error Handling, Session Management, Cryptography, etc.)
- Strong knowledge in security best practices, principles and commonly used security frameworks such as OWASP, NIST and HIPAA
-Experience with methodologies and security testing tools for threat analysis of complex applications and services including threat modeling, static and dynamic analysis and penetration testing.
- Bitbucket version control repository knowledge
- Web Services (SOAP & REST)
-Knowledge of the following Static Application Security Testing Tools: Fortify SCA, CheckMarx, AppScan
- Proven experience supporting data security and/or application security projects
- Proven ability to elicit, document, analyze and verify requirements.
- Demonstrated successful use of AGILE and/or Waterfall SDLC methodology

Desired Skillsets:
-Python, .Net, DevOps/DevSecOps
-CISSP, CISM or other related Information Security certifications