Contract Subject Matter Expert (SME) – Secure Software Assessor - Remote

About the Role

We are seeking a Contract Subject Matter Expert (SME) – Secure Software Assessor - Remote to join our dynamic team. In this role, you will leverage your expertise in secure software assessment to validate and enhance our cybersecurity protocols. As a remote SME, you will play a crucial role in ensuring that our software meets the highest security standards, contributing to the overall integrity of our systems.

What You'll Do

• Conduct thorough assessments of software applications using Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) methodologies.
• Perform secure code reviews and software composition analysis (SCA) to identify vulnerabilities and recommend remediation strategies.
• Collaborate with cross-functional teams to integrate security practices into the software development lifecycle (SDLC).
• Provide guidance on DevSecOps practices and OWASP standards to enhance our security posture.
• Engage in risk assessment and management activities, ensuring compliance with NIST RMF and other regulatory frameworks.
• Contribute to educational technology initiatives and workforce development in cybersecurity.
• Participate in research and development projects related to AI and data labeling in the context of software security.
• Mentor junior team members and share best practices in secure coding and white-box testing.

Requirements

• Minimum of 5 years of experience in cybersecurity, specifically in secure software assessment.
• Proven expertise in SAST, DAST, secure code review, and SCA.
• Strong understanding of the software development lifecycle (SDLC) and DevSecOps methodologies.
• Familiarity with OWASP guidelines and risk management frameworks such as NIST RMF.
• Relevant certifications (CISSP, GCSA) are highly desirable.
• Excellent communication skills and ability to work collaboratively in a remote environment.
• Experience in educational technology and STEM fields is a plus.

Nice to Have

• Experience with cloud platforms such as AWS and tools like OpenTofu and Terraform.
• Knowledge of Kubernetes and infrastructure defense strategies.
• Background in AI and data projects related to cybersecurity.

What We Offer

• Flexible work arrangement to support work-life balance.
• Opportunity to contribute to assessment validation and cybersecurity initiatives.
• Engagement with peers in the cybersecurity field, fostering a collaborative environment.
• Competitive salary and potential for professional growth.
• Access to resources for continuous learning and development.