ASRC Federal Technical Services (ASTS) is responsible for managing the NASA Goddard Software Engineering Services II (SES II) contract.
ASTS provides IT and Intelligence services to the federal defense and intelligence communities. Our focused solutions offer efficiency, agility, and innovation. We resolve issues quickly and provide ideas and solutions to help our customers fix problems and overcome challenges. ASTS is looking for a Flight Software Security Engineer to support its Software Engineering Services -- II (SES-II) contract at the NASA Goddard Space Flight Center (GSFC) in Greenbelt, Maryland.
The core Flight System (cFS) is a platform- and project-independent reusable software framework and set of reusable software applications. There are three key aspects to the cFS architecture: a dynamic run-time environment, layered software, and a component-based design. It is the combination of these key aspects that makes it suitable for reuse on any number of NASA flight projects and/or embedded software systems at a significant cost savings. To support reuse and project independence, the architecture contains a configurable set of requirements and code. The configurable parameters allow the cFS to be tailored for each environment, including desktop and closed-loop simulation environments.
We are looking for a skilled Flight Software Security Engineer to analyze the cFS software platform's design and implementation from a security perspective to identify and resolve security and vulnerability issues. You will incorporate the appropriate security analysis, defenses and countermeasures at each phase of the software development lifecycle, resulting in a more robust and reliable development platform.
Essential Job Functions:
Software Security Assessment: Evaluate applications for appropriate and effective use of security controls using tools and techniques such as source code analysis, vulnerability scanners, and manual testing techniques.
Application Security Control Development: Provide expert guidance to developers on the appropriate selection and implementation of relevant application security controls.
Support the planning and execution of the application security testing and evaluation program, with the possibility of mentoring junior team members.
Advise and consult internal clients on appropriate application of security practices and existing security services to solve problems or enable new business opportunities.
Research and implement new security technologies to be used as point solutions for IT initiatives unable to take advantage of or needing greater functionality than reusable enterprise security services.
Recommend new security service development ideas based on accumulated knowledge of project-specific security requirements. Identify and implement improvements to application security team processes and supporting software tools to continually improve the team's effectiveness and efficiency.
Serve as subject matter expert on application and information security technologies and methodologies.
ASRC Federal and its Subsidiaries are Equal Opportunity / Affirmative Action employers. All qualified applicants will receive consideration for employment without regard to race, gender, color, age, sexual orientation, gender identification, national origin, religion, marital status, ancestry, citizenship, disability, protected veteran status, or any other factor prohibited by applicable law.
B.S. in Computer Science, or equivalent education or experience, with at least fifteen (15) years of professional experience. Emphasis in software security a plus.
Experience providing software architecture security guidance, including developing application threat models and methodically protecting against business logic and design flaws that could introduce security vulnerabilities.
Knowledge of design patterns and coding standards for secure software.
Knowledge of general application security APIs and protocols.
End-to-end, hands-on experience in software security solutions.
Strong written and verbal communication skills. Specific relevant experience may include technical reports (especially application security assessment reports), technical whitepapers, presentation development and delivery (for both technical and business audiences), technical training, etc. Candidate should have experience making and defending sound technical arguments that incorporate relevant technical and business considerations and building consensus among stakeholders.
Ability to obtain National Agency Check Inquiry (NACI) personal background check.
US Citizenship is required.
Additional Desirable Skills:
Security Awareness Training: Design, develop and deliver presentations focused on raising awareness for crucial security relevant considerations and defensive programming techniques.
Knowledge of cryptographic tool kits for application development such as RSA BSAFE or others.
Knowledge of cryptographic solutions for protection of data in use and in transit.
Experience with assembler code.
Experience with the real-time operating systems VxWorks and RTEMS.
Familiarity with ASIST procs.
Familiarity with NASA cFS.
Experience with spacecraft operations.