and are followed for all cybersecurity threats and events. Maintain up-to-date cybersecurity-related documentation and ensure accessibility to authorized users. Review and analyze reports from penetration tests, static code analysis, and vulnerability scans. Analyze network architecture, data flows, organizational charts, and personnel assignments for potential cybersecurity vulnerabilities. Participate in continuous improvement of system security postures … Ability to assess, document, and mitigate cybersecurity risks in complex environments. U.S. Citizenship and active Top Secret/SCI clearance with CI Poly. Required Experience: DoDM 8140.03 Work Role Code 722 (Information Systems Security Manager), Intermediate Level. At least 5 years of experience supporting the full cybersecurity life cycle for DoD systems. At least 5 years of progressively complex
target web application or application server. Attempt to reverse engineer these vulnerabilities and develop a working PoC, as applicable to web assets in the client's environment. Utilize source code or binaries, when provided or open source, to focus and prioritize testing efforts. This includes familiarity with static code analysis to identify potential vulnerabilities, understanding
solutions. Support configuration, data, and risk management processes and contribute to environmental and technical assessments. Apply software engineering expertise across the full lifecycle, including assurance practices and toolsets (e.g., static code analysis). Support the development and maintenance of Software Development Strategies and Software Development Plans (SDPs). Apply knowledge of systems acquisition, architecture, and integration at
and risk management. As a Principal Cybersecurity Systems Engineer or Senior Principal Cybersecurity Systems Engineer on this team, you will have the following responsibilities: • Perform software vulnerability assessment utilizing static code analysis tools. • Experience with the RMF process. Generating and maintaining appropriate artifacts for Navy authorization decisions on several related systems. • Experience performing and assessing system vulnerability
related events and potential threats and vulnerabilities to the ISSO. Ensure that all DoD IS cybersecurity-related documentation is current and accessible to properly authorized individuals. Review reports from static code analysis, Pen Testing, and Scanning Results. Review network, data flow, org charts, etc. for potential vulnerabilities related to processes or personnel. QUALIFICATIONS Bachelor's Degree … comprehensive benefits package, including health, dental, life, disability, and long-term care insurance, and also offers a 401k plan, paid time off, service anniversary awards, and tuition reimbursement. Job Code
related events and potential threats and vulnerabilities to the ISSO. Ensure that all DoD IS cybersecurity-related documentation is current and accessible to properly authorized individuals. Review reports from static code analysis, Pen Testing, and Scanning Results. Review network, data flow, org charts, etc. for potential vulnerabilities related to processes or personnel. Required Qualifications A Bachelor's
such as Java, ColdFusion, JavaScript, and C#. Implement multiple design patterns. Integrate COTS products, use APIs, interact with data repositories, cross-domain solutions, and manage system interfaces. Manage legacy code and/or develop new code using container technologies. Develop and execute unit tests to verify code meets functional requirements. Resolve integration issues, vulnerabilities, and functional defects. … enterprise services and APIs, ensuring secure communication across multiple classification levels. Participate in Agile ceremonies and contribute to sprint planning, backlog grooming, and technical reviews. Write clean, well-documented code that adheres to federal security and software development lifecycle (SDLC) guidelines. Support modernization efforts by refactoring legacy systems into cloud-native, containerized Java applications. Conduct unit and integration testing …/CD tools (Jenkins, GitLab CI). Exposure to containerization technologies (Docker, Kubernetes) and cloud platforms (AWS GovCloud, Azure Government). Understanding of secure coding practices and experience with static/dynamic code analysis tools. Strong problem-solving skills and ability to work independently or within a cross-functional Agile team. Company Overview: GovCIO is a team
from the iAssure templates for all RMF families Process and submit Plans of Action and Milestones (POA&Ms) Ensure DISA STIGs/SRGs are implemented and enforced Perform Risk Analysis and Vulnerability Assessments Perform annual security reviews in accordance with FISMA reporting Review PPS, HW/SW listings, NSS checklists (all A&A artifacts) Minimum Requirements: An active Secret … etc. Experience in DevSecOps and conducting end-to-end security testing of Applications (Web, Mobile, other APIs) Experience with industry standard tools such as Fortify, Checkmarx, and practices for code reviews, static/dynamic code analysis, and vulnerability assessments Knowledge of OWASP Top 10, SANS 25, NVD, CVE, etc. Experience with code languages and frameworks
Arlington, Virginia, United States Hybrid / WFH Options
STR
including databases, logging, and monitoring project tracking tools such as Jira designing, deploying, and monitoring Kafka clusters deploying and maintaining artifact repositories (such as Nexus, Artifactory) deploying and configuring static and dynamic code analysis tools (such as SonarQube, Coverity). leading teams in an Agile/SCRUM software development process Current Security+ Certification STR is a growing
pipelines for performance, scalability, and resilience, and embed advanced security practices throughout the application lifecycle. Collaborating closely with developers, security engineers, and operations teams, you will architect infrastructure-as-code solutions, conduct security assessments, and guide the adoption of emerging tools and technologies. Your leadership will ensure systems meet mission requirements, adhere to compliance standards, and maintain exceptional security … culture of security awareness. Architect, implement, and manage secure and highly available infrastructure, both cloud-based and on-premises, with a focus on automation and scalability. Design infrastructure-as-code solutions and implement robust monitoring and alerting systems. Lead security assessments, penetration testing, vulnerability remediation, and develop and implement security policies and procedures. Conduct threat modeling and risk assessments. … diagrams, security documentation, and operational runbooks. Conduct Proof of Concepts (POC) to evaluate new DevSecOps tools and technologies and make recommendations for adoption. Lead incident response and root cause analysis efforts, focusing on identifying and mitigating security vulnerabilities. Develop and deliver DevSecOps training programs. What We are Looking For: The minimum of a Master's in Engineering, Computer Science, or
on-site Detail oriented Good verbal and written communication skills Candidates who have any of the following skills will be preferred: Strong experience with software vulnerability scanning with static and dynamic code analysis Experience with software vulnerability assessment and remediation using SAST/DAST and tools like SonarQube Strong experience with software package artifact management using JFrog
in OO C++ running on Real-Time Operating Systems such as: VxWorks, Integrity, AND/OR Real Time Embedded Linux within the last 1 year. Demonstrated Professional Experience with Static & Dynamic Code Analysis Tools and Fuzzing Tools such as: Coverity, SonarQube, AND/OR Fortify within the last 1 year. Active DoD Secret Security Clearance Ability to
in OO C++ running on Real-Time Operating Systems such as: VxWorks, Integrity, AND/OR Real Time Embedded Linux within the last 1 year. Demonstrated Professional Experience with Static & Dynamic Code Analysis Tools and Fuzzing Tools such as: Coverity, SonarQube, AND/OR Fortify within the last 1 year. Active Secret DoD Security Clearance Ability to
be preferred Professional experience in Rust Experience with Kubernetes, Prometheus and Grafana Professional experience with state estimation, tracking, or Guidance, Navigation, and Control (GNC) Experience with the exploitation and analysis of OPIR, E/O, SAR, Spectral, RF, or other remotely sensed data Unit, component, and integration test development with a test framework such as cargo test or googletest … test driven design Strong experience with software vulnerability scanning with static and dynamic code analysis Strong communication skills and working with distributed teams Current active DoD SECRET security clearance or higher Benefits SciTec offers a highly competitive salary and benefits package, including: 3% Fully Vested Company 401K Contribution (no employee contribution required) 100% company paid HSA Medical
Chantilly, Virginia, United States Hybrid / WFH Options
Kudu Dynamics, LLC
Software Engineer (automated program analysis) - Job Description Who We Are: Kudu Dynamics is a Leidos-owned company, forged out of a decade of experience in computer network operations and staffed with talent who have built, overseen, and enhanced capabilities throughout the entire USG arsenal. Our team of hackers and engineers have experience spanning centuries of research, development, and … tomorrow's threats and build the next generation of capabilities. Job Description: The team is looking for an engineer comfortable with a wide range of topics from automated program analysis to video game hacking. If you love writing and reversing C++ binaries, reading and implementing concepts from papers, and working under interesting constraints, we'd love to talk with … you. Responsibilities You will be involved in the design, implementation, and evaluation of novel methods and tools for verifying and analyzing software systems, using techniques such as model checking, static analysis, symbolic execution, and abstract interpretation. You will also have the opportunity to collaborate with other researchers and engineers that work on a variety of exciting technical challenges.
and reliability. Collaborate with cross-functional teams to define software requirements and architecture. Maintain and update documentation for software systems and processes. Work on a development team and perform code version control, reviews, and testing. This position is contingent upon contract award, the successful transfer of an active DoD Secret Clearance and ability to obtain/maintain special program … Jira programming languages. Knowledge of defense and aerospace systems. Understanding of memory management. Exposure to software development for embedded systems or hardware integration. Experience in RHEL (for BH development), static and dynamic code analysis tools, visual C/C++, and Python scripting (both for tool development) Familiarity with safety-critical software standards As a full-time employee
monitor cybersecurity tools including HBSS/ESS, Splunk, and ConfigOS on Windows and RHEL systems. Support the implementation of Risk Management Framework (RMF) controls (NIST 800-53). Perform static and dynamic code analysis using tools such as Fortify. Support and lead cyber test and evaluation, including risk/threat assessments and tabletop exercises. Document System Security
is contingent upon contract award. Essential Functions: Facilitate automated software testing and pipelines to enhance traditional manual testing performed by QA specialists Maintain testing tools and scripts Integrate with static and dynamic code analysis scanning tools Develop and manage solutions for simulating data/transactions within CATS Ensure automated testing is part of Azure DevOps build pipelines
Security Officers (ISSOs) to ensure compliance with relevant cybersecurity standards and regulations Assess organization-wide security and privacy risk and update assessment results on an ongoing basis Perform system analysis and develop system test for cyber threats, cyber test activities, and the cybersecurity of large-scale events Perform cyber risk assessments and develop risk mitigation plans Support the engineering … installation & analysis of patches and various system updates and upgrades to determine system consequence of these changes Attend, collect data from, out brief, and facilitate collaboration and project management from various program boards Support cyber threat intelligence activities Support the development and maintenance of cyber scanning, patching, remediation, tools and applications Support, as required, TEMPEST, DFARS, COMSEC, CNSSI, and … CTOs for the same Perform and/or support the development of tools for cyber forensics Develop, define efficiencies and improvements to tools to improve team productivity Perform system analysis trade studies to define technical concepts and solutions This position is expected to be 100% onsite. The selected candidate will be required to work onsite at one of the
Chantilly, Virginia, United States Hybrid / WFH Options
Kudu Dynamics, LLC
flows, to discovering and proving software vulnerabilities. The candidate will be part of a small, agile team that quickly adapts and applies VR knowledge to demonstrate capabilities, from initial analysis of target systems up to developing tools to demonstrate the discoveries of the investigation. Required Qualifications: US citizenship and an active Top Secret security clearance Experience with one or … C++. Experience with one or more disassemblers (IDA, Ghidra, Binary Ninja, etc). Experience with modern exploitation techniques and mitigations (ASLR, DEP/NX, etc). Experience with modern static or dynamic program analysis techniques Key Responsibilities: Reverse engineering, system understanding, and vulnerability discovery against open and closed-source software products. Conducting experiments on an array of representative