Enforces application security in all phases of the software development life cycle. Works closely with team members to define application security best practices, performs software architecture and design reviews, and supports the identification, interpretation, and remediation of vulnerabilities across a variety of applications, programming languages, and platforms.

• Collect client requirements for functionality and performance of PQC PIV card implementation.
• Identify available vendor and open-source solutions for PQC PIV card implementations.
• Analyze available offerings for applicability to client requirements. Author documentation (White papers, briefings, etc.) discussing pros and cons to solutions.
• Design and implement POCs using best-suited vendor tools for PQC PIC card implementations including interoperability with existing identity systems and hardware.
• Construct detailed PQC migration plans for client PIV card systems.
• Writes comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement.
• Identifies additional application security related tools, conducts tool analysis, and provides recommendations on what tools will enhance security protocols.
• Performs and conducts penetration tests and manual/automated code reviews.
• Creates and delivers training developers and other relevant team members on Secure Code Development as well as other security protocols.
• Designs, develops or recommends integrated system solutions ensuring proprietary/confidential data and systems are protected.

Minimum Qualifications

• Bachelor's Degree in Computer Science, Engineering, or other Engineering or Technical discipline or equivalent relevant experience. Master's Degree preferred.
• 8-15 years of experience as an Application Security Developer, Application Security Analyst, or equivalent.

Other Job Specific Skills

• Experience in designing, implementing, and managing PKI systems with a focus on PIV card infrastructure.
• Knowledge of cryptographic standards, principles, protocols, and algorithms.
• Understanding of post-quantum cryptographic (PQC) protocols and upcoming NIST standards.
• Strong understanding of federal guidelines and regulations concerning PIV card authentication and access control. (i.e., NIST SP 800-73, FIPS 201, etc.).
• Proficiency in configuring and troubleshooting PIV card hardware and software including middleware, card readers, and management tools.
• Experience with scripting and/or programming languages for integration and automation testing.
• Experience with PKI software and tools such as OpenSSL.
• Experience in operating in cloud environments such as Azure, AWS, or Google Cloud Platform.

EEO Requirements

It is the policy of ASM that an individual's race, color, religion, sex, disability, age, sexual orientation or national origin are not and will not be considered in any personnel or management decisions. We affirm our commitment to these fundamental policies.

All recruiting, hiring, training, and promoting for all job classifications is done without regard to race, color, religion, sex, disability, or age. All decisions on employment are made to abide by the principle of equal employment.

Physical Requirements

The physical requirements described in "Knowledge, Skills and Abilities" above are representative of those which must be met by an employee to successfully perform the primary functions of this job. (For example, "light office duties' or "lifting up to 50 pounds" or "some travel" required.) Reasonable accommodations may be made to enable individuals with qualifying disabilities, who are otherwise qualified, to perform the primary functions.

Disclaimer

The preceding job description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to this job.