Information System Security Developer

CALIBRE Systems Inc., an employee-owned Management Consulting and Digital Transformation Company, is seeking an Information System Security Developer (Mid-level) that will design, develop, test, and evaluate information system security throughout the systems development life cycle.

The Information System Security Developer’s responsibilities include, but are not limited to, the following:

1. Analyze design constraints, analyze trade-offs and detailed system and security design, and consider life cycle support.
2. Apply security policies to applications that interface with one another, such as Business-to-Business (B2B) applications.
3. Assess the effectiveness of cybersecurity measures utilized by system(s).
4. Assess threats to and vulnerabilities of computer system(s) to develop a security risk profile.
5. Build, test, and modify product prototypes using working models or theoretical models.
6. Conduct Privacy Impact Assessments (PIAs) of the application’s security design for the appropriate security controls, which protect the confidentiality and integrity of Personally Identifiable Information (PII).
7. Design and develop cybersecurity or cybersecurity-enabled products.
8. Design hardware, operating systems, and software applications to adequately address cybersecurity requirements.
9. Design or integrate appropriate data backup capabilities into overall system designs, and ensure that appropriate technical and procedural processes exist for secure system backups and protected storage of backup data.
10. Develop and direct system testing and validation procedures and documentation.
11. Develop detailed security design documentation for component and interface specifications to support system design and development.
12. Develop Disaster Recovery and Continuity of Operations plans for systems under development and ensure testing prior to systems entering a production environment.
13. Develop risk mitigation strategies to resolve vulnerabilities and recommend security changes to system or system components as needed.
14. Develop specific cybersecurity countermeasures and risk mitigation strategies for systems and/or applications.
15. Identify components or elements, allocate security functions to those elements, and describe the relationships between the elements.
16. Identify and direct the remediation of technical problems encountered during testing and implementation of new systems (e.g., identify and find workarounds for communication protocols that are not interoperable).

The Information System Security Developer will have demonstrated experience in the following:

1. Designing countermeasures to identified security risks.
2. Designing security controls based on cybersecurity principles and tenets.
3. Designing the integration of hardware and software solutions.
4. Developing and applying security system access controls.
5. Discerning the protection needs (i.e., security controls) of information systems and networks.
6. Evaluating the adequacy of security designs.
7. Conducting audits or reviews of technical systems.
8. Integrating and applying policies that meet system security objectives.
9. The use of design modeling (e.g., unified modeling language).
10. Applying cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
11. Conducting vulnerability scans and recognizing vulnerabilities in security systems.

Desired skills for this position include the ability to:

1. Apply the methods, standards, and approaches for describing, analyzing, and documenting an organization's enterprise information technology (IT) architecture (e.g., Open Group Architecture Framework [TOGAF], Department of Defense Architecture Framework [DoDAF], Federal Enterprise Architecture Framework [FEAF]).
2. Effectively communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
3. Effectively collaborate with others as a member of planning teams, coordination groups, and task forces as necessary.

1. US citizen.
2. Active Top Secret/Sensitive Compartmented Information (TS/SCI) clearance, eligible for Counterintelligence (CI) Polygraph.
3. IAT, IAM, or IASAE Level 3 certification.
4. Bachelor’s degree or higher from an accredited college or university in Computer Science, Cyber Security, Information Technology, Software Engineering, Information Systems, or Computer Engineering degree; or a degree in a Mathematics or Engineering field.
5. Available for possible travel within the Continental United States (CONUS) and Outside CONUS (OCONUS).