Overview:
Quantum Research International, Inc. (Quantum) is a certified DoD Contractor providing services and products to US/Allied governments and industry in the following main areas: (1) Cybersecurity, High Performance Computing Systems, Cloud Services and Systems; (2) Space and Ground Support Systems; (3) Aviation Systems; (4) Missile Systems; (5) Artificial Intelligence/ Machine Learning Systems and Experimentation/Training; and (6) Audio Visual Systems and Services. Quantum's Corporate Office is in Huntsville, AL, but Quantum actively hires for positions nationwide and internationally. We pride ourselves on providing high quality support to the U.S. Government and our Nation's Warfighters. In addition to our corporate office, we have physical locations in Aberdeen; MD; Colorado Springs, CO; Orlando, FL; Crestview, FL; and Tupelo, MS.

Mission:

As a member of the NGA DEFENDER team, the Software Developer will support cybersecurity integration efforts across NGA. As part of the work, the contractor uses Cybersecurity Business Intelligence (CBI) tools to analyze CBI data and develop work products; supports cybersecurity policy evolution; assists with the analysis and management of cybersecurity compliance and reporting requirements; and takes action to support information sharing across NGA. This position is available immediately and supports the National Geospatial-Intelligence Agency (NGA) onsite at NGA Campus West in St. Louis, Missouri.

Responsibilities:

Ideal candidate: develops, creates, maintains, and writes/codes new (or modifies existing) computer applications, software, or specialized utility programs. Specific responsibilities include:

• Analyze information to determine, recommend, and plan the development of a new application or modification of an existing application, and analyze user needs and software requirements to determine feasibility of design within time and cost constraints.
• Apply coding and testing standards, apply security testing tools including "'fuzzing" static-analysis code scanning tools, apply secure code documentation, and conduct code reviews.
• Capture security controls used during the requirements phase to integrate security within the process, to identify key security objectives, and to maximize software security while minimizing disruption to plans and schedules.
• Compile and write documentation of program development and subsequent revisions, inserting comments in the coded instructions so others can understand the program.
• Confer with systems analysts, engineers, programmers, and others to design application and to obtain information on project limitations and capabilities, performance requirements, and interfaces.
• Correct errors by making appropriate changes and rechecking the program to ensure that desired results are produced.
• Design, develop, and modify software systems, using scientific analysis and mathematical models to predict and measure outcome and consequences of design.
• Develop secure code and error handling.
• Evaluate factors such as reporting formats required, cost constraints, and need for security restrictions to determine hardware configuration.
• Identify basic common coding flaws at a high level and security implications and apply methodologies within centralized and decentralized environments across the enterprise's computer systems in software development.
• Identify security issues around steady state operation and management of software and incorporate security measures that must be taken when a product reaches its end of life.
• Perform integrated quality assurance testing for security functionality and resiliency attack.
• Perform secure programming and identify potential flaws in codes to mitigate vulnerabilities.
• Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
• Prepare detailed workflow charts and diagrams that describe input, output, and logical operation, and convert them into a series of instructions coded in a computer language.
• Address security implications in the software acceptance phase including completion criteria, risk acceptance and documentation, common criteria, and methods of independent testing.
• Store, retrieve, and manipulate data for analysis of system capabilities and requirements.
• Translate security requirements into application design elements including documenting the elements of the software attack surfaces, conducting threat modeling, and defining any specific security criteria.
• Design countermeasures and mitigations against potential exploitations of programming language weaknesses and vulnerabilities in system and elements.
• Identify and leverage the enterprise-wide version control system while designing and developing secure applications.
• Conduct trial runs of programs and software applications to ensure that the desired information is produced, and instructions and security levels are correct.

Requirements:

• Bachelor's degree (Advanced) in Computer Science or Information Systems or other technically relevant STEM degree. In lieu of degree, CISSP-ISSAP may be accepted in conjunction with relevant years of experience.
• Understands computer networking concepts and protocols, network security methodologies, and risk management processes (e.g., methods for assessing and mitigating risk).
• Expertise with laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
• Knowledge of cybersecurity and privacy principles, cyber threats and vulnerabilities, and the specific operational impacts of cybersecurity lapses.
• Understands complex data structures and computer programming principles.
• Knowledge of cybersecurity and privacy principles and methods that apply to software development.
• Familiar with low-level computer languages (e.g., assembly languages), operating systems, and programming language structures and logic.
• Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
• Understands secure configuration management techniques, software debugging principles, software design tools, methods, and techniques, and software development models (e.g., Waterfall Model, Spiral Model).
• Knowledge of web services (e.g., service-oriented architecture, Simple Object Access Protocol, and web service description language).
• Familiar with the software quality assurance process.
• Clearance required:TS/SCI eligible, subject to CI Polygraph.
• IAT Level 2 certification

Desired/Preferred Skills

• Conduct vulnerability scans and recognize vulnerabilities in security systems.
• Conduct software debugging.
• Create programs that validate and process multiple inputs including command line arguments, environmental variables, and input streams.
• Design countermeasures to identified security risks and develop and apply security system access controls.
• Discern the protection needs (i.e., security controls) of information systems and networks.
• Write code in a currently supported programming language (e.g., Java, C++).
• Design secure test plans (e. g. unit, integration, system, acceptance).
• Develop applications that can log and handle errors, exceptions, and application faults and logging.
• Conduct code analysis and perform root cause analysis.
• Develop secure software according to secure software deployment methodologies, tools, and practices.
• Prefered Certification: CISSP, ISSAP

Equal Opportunity Employer/Affirmative Action Employer M/F/D/V: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability, veteran status, genetic information, sexual orientation, gender identity, or any other characteristic protected by law. *Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.