DevSecOps / Fortify Administrator

Job Locations US-AL-Huntsville
ID
2021-2427
Business Unit
ITCE
Type
Full-Time
Clearance
Secret Clearance Preferred

Overview

i3 is seeking a DevSecOps/Fortify Administrator to support an Army Contract. The DevSecOps/Fortify Admin will provide technical expertise supporting and administering the Fortify Application for a large (8000+) user community.  They will be responsible for implementing DevSecOps practices throughout the organization. The Administrator must have a customer centric approach and provide all level of support for the technical and cyber team as well as the user base community.

Responsibilities

A successful candidate will:

  • Lead G6 Software Assurance function and posture other SWA resources for unified mission alignment.
  • Provide recommendations, guidance, understand and implement best practices, develop SOP’s/policies.
  • Review Fortify FPR’s to concur/non-concur with developer analysis of SCA findings. The review process may require complex code analysis. Most review activities are performed against ASP .NET Webforms and MCV web applications. Applicant must be proficient in these technologies.
  • Test and research new scan findings reported by Fortify SCA to determine severity and potential fixes.
  • Develop and standardize remediation approaches for design patterns used across the portfolio of hosted applications.
  • Interface with Fortify support
    • Write simplified test cases that reproduce problematic behavior.
    • Submit support thickets and track status through to resolution.
  • Track and download new release of Fortify SCA and Fortify Rule packs.
  • Distribute Fortify software and support installation and configuration activities as needed.
  • Track software utilization against licensed capacity.
  • Work integration of scan services into DevOps processes as needed.
  • Participate in the implementation and administration of Software Security Center.
  • Coordinate with organization’s cybersecurity elements on scan reviews and other software assurance activities that arise.
  • Evaluate additional analysis tooling to expand capabilities as opportunities arise.
  • Participate in process enhancement and capability growth of software assurance activities within the organization.

Skills & Competencies:
Required: Static code security analysis tooling, C#, ASP .NET Webforms and MVC< CSS/JS/HTML, SQL


Desired: Fortify SCA, Firtify Audit Workbench, Fortify Software Security Center, Apache Tomcat, Windows Server administration, Multi-tier architecture, Agile development, jQuery, Bootstrap ¾, Jira or ServiceNow, Familiarity with Cloud, GOV Cloud, AWS, Azure, Azure DevOps Server, GitLab, SonarQube, Burp Suite, Fortify WebInspect, DISA Application Development STIG, Dynamic Code Analysis.

Qualifications

  • BS and 5 years of relevant experience required.
  • DoD 8570.01-M compliant.
  • Ability to work with little or no direct supervision and in a team environment.
  • Ability to attain and maintain a SECRET clearance.

Options

Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.