Software Test Engineer 5

Location: United States, Remote

Job Type: Applications Dev & Test

Posted: Saturday, September 9, 2023

Job Description

We are seeking a highly experienced resource with expertise in Software Application Security, FISMA, FedRAMP, ITAR, CUI, and CMMC. The candidate will work closely with the internal team to ensure that all software applications meet the highest security standards and comply with all relevant regulations and standards. The candidate will also be responsible for software analysis, developing and implementing security policies and procedures, and conducting risk assessments.

**Candidate needs to have 18 months of access available for this position**
Key Responsibilities:
• Perform software review and analysis, leveraging a deep understanding of the Windows registry, networking/firewall, the DNS protocol, and client functionality, and proficiency with various software analysis tools.
• Ensure that all software applications meet the highest security standards and comply with all relevant regulations and standards, including FISMA, FedRAMP, ITAR, CUI, and CMMC.
• Work closely with the development team to identify and mitigate security vulnerabilities in software applications.
• Research current practices and develop and implement security policies and procedures for factory security.
• Conduct risk assessments and recommend security enhancements to reduce risk.
• Bachelor's or Master's degree in Computer Science, Information Security, or a related field.
• At least 7 years of experience in software application security, with a focus on FISMA, FedRAMP, ITAR, CUI, and CMMC.
• Experience with secure coding practices and software development lifecycle.
• Experience with software analysis tools such as procmon, procexp, sigcheck, regmon, and Fiddler. Familiarity with Authenticode and digital signatures. Packet capture and analysis.
• Strong understanding of security technologies, including firewalls, intrusion detection and prevention systems, and vulnerability scanners.
• Excellent communication skills, with the ability to communicate effectively with technical and non-technical stakeholders.
• Strong problem-solving and analytical skills.
• Relevant industry certifications such as CISSP, CISM, or GIAC.

Job Requirements

• Years of Experience Required – 5-7 years
• Degrees or certifications required – not required
• Disqualifiers – Candidates with no tech skill experience, just PM experience – “the key here is I need someone to perform these types of assessments, not be someone who manages the people that perform these assessments”
• Best – Someone who has strong background in software assessment and is familiar with tools of the industry. They ask questions that need to be asked and documented. CISSP, GIAC, or CISM is nice to have. Very familiar with the tools of the industry.
• Average – They are familiar with what is going on and have enough experience where they can ramp up very quickly.
• Required Skills – experience with application or software analysis; has worked with sandbox and static/dynamic code analysis
• Preferred Skills – any formal education
• Performance indicators – Documentation skills on third party assessments – can they perform an analysis and document their findings? Can the report answer all necessary questions?

1. Experience with software analysis (static/dynamic code analysis, app development) | 5-7 Years
2. Software Development Lifecycle | 5-7 Years

Typical Day in the Role

• Typical task breakdown and operating rhythm –
- 75% third party assessment and stakeholder interaction
- 10% policy work
- 15% security development lifecycle work
• Interaction level with sponsor/team – moderate
• Chance for extension later? – Yes, up to 18 months
• Expected working hours – 9am-5pm PST time zone preferred
• Location Requirements & HTX Details – Citizenship attestation. Candidate can meet any of the location requirements below:
1. On-site in Redmond 80%, on-site in Dallas, TX 20% (preferred)
2. Remote anywhere 80%, 20% on-site in Dallas, TX (supplier will work with MSFT for their travel budget; it is no longer the candidate's responsibility)



Candidate Value Proposition

• What makes this role interesting? – The candidate will have the opportunity to work with different teams within factory infrastructure, which is very rare.
• Team Culture – Fairly small and new team; collaboration is key. We value providing input in all areas that each individual is specialized in to assist in the success of everyone on the team.
• Unique selling points/Value add – They will be working on high-impact work and will be able to see the use of their project outcomes and how they directly impact the organization and the products we work with.

You can email your Resume/CV to with the subject Software Test Engineer 5 - 132970-1.