Software Security Analyst
About the position TrellisWare, a leader in wireless communications systems, is seeking a hybrid Software Security Analyst to join their Cyber Security Team. This role focuses on ensuring the security of next-generation self-networking hand-held software-defined radios and companion products for defense forces. The analyst will be responsible for evaluating software designs, implementing defensive security measures, performing vulnerability assessments and penetration testing, threat modeling, incident response, ensuring regulatory compliance, and building customer trust. The position involves researching emerging threats, conducting security assessments in labs, and contributing to team morale and professional development, all while upholding TrellisWare's core values of delivering excellence, pushing boundaries, and empowering people.
Responsibilities
- Conduct software product security assessments and vulnerability testing.
- Regular scanning and penetration testing.
- Threat analysis.
- Static and dynamic analysis and security testing.
- Maintain currency of evolving security threats, technologies, and regulatory changes.
- Analyze and review functional system design specifications, and ensure security policy compliance.
- Participate in software system architectural and component design reviews.
- Reverse engineer software components for hidden bugs or malicious code.
- Evaluate and ensure secure COMSEC key and certificate distribution, authentication, and assignment.
- Investigate security related incidents.
- Determine root cause and verify mitigation updates.
- Document and present product security compliance using standard professional practices and corporate defined engineering processes.
- FIPS 140 compliance.
- NIST STIG compliance.
- Develop relationships with team members built on trust and respect.
Requirements
- Bachelor’s degree in Computer Science, Cybersecurity, or Information Technology or related field of study required.
- Minimum of 5 years’ industry experience with at least three years in software development and at least two years in auditing and vulnerability testing.
- Proficiency with Python, C/C++ and an understanding of operating systems, and network protocols.
- Experience performing penetration testing (ethical hacking) and security scans.
- At least one certification: CompTIA Security+, CISSP, OSCP, or SANS/GIAC.
- Experience with the full software development life cycle, including system design, threat modeling, and secure code implementation.
- Familiarity with encryption devices and secure key management required.
- Familiarity with embedded software defined tactical radio security required.
- Experience with threat modeling, secure coding practices, and identification of software vulnerabilities.
- Experience with cybersecurity scanning tools; Nessus, Qualys VMDR, Trivy, or Rapid7.
- Experience with NIST, ISO 27001, CIS Controls or OWASP.
- C++, Python, or Java.
- Distributed revision control systems (GitHub).
- Analytical, attention to detail, and able to communicate thought process both written and verbally.
- Able to work independently as well as in a team environment.
- Strong collaborative drive and interpersonal skills.
- Strong initiative, proactive work ethic and prioritization skills.
- Trustable judgement and analytical problem-solving skills.
- Effective execution and decision making.
- Champion of change and promotes innovation.
- Strong written and verbal communication skills.
- U.S. Citizenship.
Benefits
- Pays competitively according to the market in an individual's geographic location, in addition to their qualifications and experience.