Job Description
            
                **This position requires**   **U.S. citizenship**   **and an**   **active U.S. DoD clearance**  **.**
  
**Candidates who are**   **not U.S. citizens**   **are**   **not**   **eligible**   **for this role.**
  
Imagine One Technology & Management, Ltd.
is seeking one (1) Security Software Engineer.
This position is contingent upon award of the associated work and will be performed in Dahlgren, Virginia.
  
The Security Software Engineer will be expected to:
  
+ Debug and reverse engineer software.
+ Analyze Windows Events and Linux syslog's, boot logs and dmesg logs.
+ Program and debug Web 2.0, Java, Perl, Ada, C++, Tool Command Language (tcl/tk) scripts and graphical user interfaces (GUis) using Microsoft Visual tel and Rational ClearCase for software configuration management.
+ Recommend software modifications to systems to mitigate known vulnerabilities.
+ Operate and administrate computer systems running HP-UX, UNIX, Solaris, Linux and Microsoft Windows.
+ Identify security flaws in compiled and human readable source code.
+ Understand code utilizing real-time VxWorks and Lynx OS operating systems, Common Object Resource Broker Architecture (CORBA), firewalls and networking protocols.
+ Understand how to implement NSA approved encryption technologies and devices.
+ Apply DISA Security Technical Implementation Guides (STIGs).
+ Apply virtual hosting and server technology in system architectures.
+ Understand and apply the concept of deceptive technology such as honey pots in system architectures.
+ Participate in Code Reviews.
Perform Static Source Code Analysis.
Author recommendations for improving software and code design.
+ Contribute to a System Security Administrator and Operators Manual (SSAOM).
  
Desired Experience:
  
+ Five (5) years of experience in software engineering applied to program development; modeling and simulation applied to DoD or Information Technology systems.
+ Five (5) Years experience in:
1.
 Linux – firm grasp/demonstrated knowledge
2.
Associated Training: COMPTIA Linux+ or FedVTE Linux+ Five (5) Years experience in:
1.
Windows – foundational knowledge with good understanding of enterprise networks
2.
Associated Training: Microsoft course (MCSA; Various)
+ Strong working knowledge of common Penetration Testing (PENTEST) tools:
1.
Kali, Metasploit, NMAP, Cobalt Strike
2.
Associated Training: Certified Ethical Hacker or Offensive Security Certified Professional and;
3.
Documented experience in at least one of the following:
1.
Penetration Testing (PENTEST) (government or contractor)
2.
Red Team Operations (government or contractor)
3.
Tool/Software Development (exploits/malware, C2, reverse engineering, bug bounties)
4.
Python, C, C Sharp, C++, Go, Perl, Powershell
5.
Web Dev/Web App Dev/Web Penetration testing
4.
PHP, ASP, SQL db's, Java, HTML, No SQL [VW1]
  
Educational Requirements:
  
+ Minimum certification as IAT Level II per DoD 8570.01, or successor.
+ Minimum certification as penetration tester and possess one of the following certificates:
1.
Offensive Security Certs: Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE), Offensive Security Exploitation Expert (OSEE), Offensive Security Wireless Professional (OSWP)
2.
SANS Certs: SEC560 - Network Penetration testing and Ethical Hacking (GPEN Certification), SEC542 - Web App Penetration Testing and Ethical Hacking (GWAPT Certification), SEC660 - Advance Penetration Testing.
Exploit Writing, and Ethical Hacking (GXPN Certification), SEC642 - Advanced Web App Penetration Testing and Ethical Hacking, SEC564 - Red Team Operations and Threat Emulation
3.
OSD Sponsored Cyber Operation Academy Course (COAC) graduates.
+ Bachelor’s degree desired
  
Security Requirements:
  
+ Active DoD Top Secret clearance required
  
Imagine One Technology & Management, Ltd., offers a full package of benefits and competitive salary, excellent group medical, vision, and dental programs.
401K savings plan; $4K annual tuition reimbursement ($5K if pursuing master’s degree); employee training, development, and education programs; profit sharing; advancement opportunities; and much more!
  
_ISO 9001:2015, ISO 20000-1:2018, ISO 27001:2013_
_CMMI Development and Services - Maturity Level 3_
_An Employee-Owned Business_
  
_EEO/Veterans/Disabled_