Cybersecurity Software Evaluator

Job Posted 4/2/2025
OSAAVA Services
Colorado Springs, CO
United States
Job Description

Clearance: TS/SCI Mandatory to Apply (Active/Valid)

We are seeking Cybersecurity Software Evaluators to assess and analyze the security of software applications used in high-security government environments. This role will involve conducting cyber evaluations, security testing, and risk assessments on software applications to ensure compliance with Department of Defense (DoD) cybersecurity standards. The ideal candidate will have a solid cybersecurity background and experience with software security assessments, and must possess an active TS/SCI clearance.

This position is initially for a few months with the potential for long-term employment based on project needs and performance. The successful candidate will be proactive and have strong research ability and a solid understanding of cybersecurity principles.

Key Responsibilities:

  • Cyber Evaluations:

    • Conduct cyber evaluations of software applications, identifying vulnerabilities, security gaps, and compliance risks.

    • Perform static and dynamic analysis of software code to detect security flaws, backdoors, and other vulnerabilities.

    • Test applications for compliance with DoD cybersecurity frameworks, including NIST 800-53, RMF, and STIGs.

  • Penetration Testing & Vulnerability Assessment:

    • Perform penetration testing and vulnerability assessments on government software systems.

    • Assist in the identification and mitigation of application-level vulnerabilities.

  • Collaboration & Recommendations:

    • Work closely with developers, security engineers, and system administrators to implement security recommendations.

    • Document findings, create security reports, and provide actionable recommendations for remediation.

    • Assist in the development of secure coding practices and software security guidelines.

  • Third-Party & Emerging Threats:

    • Evaluate third-party software for compliance with government cybersecurity standards.

    • Stay up to date with emerging cybersecurity threats, tools, and best practices.

Required Qualifications:

  • Clearance & Education:

    • Active DoD TS/SCI security clearance with the ability to maintain it in valid status.

    • Bachelor’s degree in Cybersecurity, Computer Science, or a related field (or equivalent experience).

  • Experience & Certifications:

    • 5+ years of experience in cybersecurity, penetration testing, or software security evaluation.

    • Certifications such as CISSP, CEH, OSCP, or GIAC GWEB are highly preferred.

  • Technical Skills:

    • Experience with secure coding practices and software vulnerability assessment tools (e.g., Nessus, Burp Suite, Fortify, SonarQube).

    • Familiarity with secure software development lifecycle (SSDLC) methodologies.

    • Strong knowledge of encryption protocols, authentication mechanisms, and network security.

  • Research & Problem-Solving:

    • Strong research ability and the capacity to independently investigate and resolve complex cybersecurity issues.

Preferred Qualifications:

  • Experience conducting cybersecurity assessments in DoD or government environments.

  • Understanding of container security and DevSecOps principles.

  • Familiarity with threat modeling, risk assessment frameworks, and security controls testing.

  • Knowledge of cloud security best practices (AWS, Azure, GovCloud).

Additional Skills/Questions to Address:

Candidates should be familiar with the following cybersecurity concepts, as these are integral to our day-to-day tasks:

  • Cybersecurity Principles:

    • Understanding the fundamentals of cybersecurity is essential.

    • Be ready to discuss how basic principles apply to real-world security assessments.

  • Key Questions for Candidates:

    1. What does End of Life (EOL) mean?

    2. What are release notes?

    3. What is SQL Injection?

      • Answer: The ability to insert SQL queries into HTML documents to gain access to the backend database.

      • How to prevent: Input validation.

    4. What is Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS)?

    5. What is it called when an application sends usage data or checks for application updates from the vendor?

      • Answer: Phone Home.

      • Could this be a security vulnerability? If yes, why?

    6. What are NVDs/CVEs, and why are they important?

Work Environment & Requirements:

  • Location: Colorado Springs, CO – On-site presence required.

  • Potential hybrid/remote flexibility based on project needs.

  • Must be willing to undergo additional security vetting and polygraph testing if required.

  • Ability to work independently while coordinating with government cybersecurity teams.

Why Join Us?

  • Work on mission-critical software security evaluations for government agencies.

  • Competitive salary and benefits package, including medical, dental, vision, PTO, and retirement plans.

  • Potential for long-term employment based on project extensions and performance.

  • Opportunity to work with cutting-edge cybersecurity tools and methodologies.

  • Collaborative work environment with skilled cybersecurity professionals.

Company Description

Cyber Security company, specializing in specific cyber defense activities and IT services. We are an SDVOSB.