Principal Software Engineer - Software Security Vulnerability 8/28/2016
National Marrow Donor Program
Summary: This position is responsible for providing technical leadership in the analysis, architecture, design, quality, testing, implementation and support of custom and vendor provided software solutions related to the NMDP Solution Portfolio.
This position is responsible for providing technical leadership in the analysis, architecture, design, quality, testing, implementation and security of custom and vendor provided software solutions related to the NMDP Solution Portfolio. This position has two major areas of responsibility. The first includes architecting application frameworks and data designs, providing system life cycle skills, development of new enterprise applications, maintenance and support of critical applications, and defining the direction of future application architecture. The second includes evaluation of new directions in software security and development technologies, implementation of new programming methodologies and compliance with Internet standards. This role serves as a lead to develop plans for growth, extension and evolution of the NMDP's enterprise architecture platform, based on business priorities and project plans.
Bachelor's degree in computer science, business with an emphasis in management information systems, math or a related technical field that required extensive computer programming. However, upon evaluation, equivalent related experience and/or education may be substituted for the degree.
Eight years' technical work experience in a software development environment which included five years' experience performing software development on proprietary software applications. Implement, test and operate advanced software security techniques in compliance with technical reference architecture. Perform ongoing security testing and code review to improve software security. Provide engineering designs for new software solutions to help mitigate security vulnerabilities. Knowledge of enterprise frameworks, systems integration, software development and testing methodologies is required. Detailed technical knowledge of techniques, standards and state-of-the-art capabilities for authentication and authorization, applied cryptography, security vulnerabilities and remediation.
Knowledge of n-tier software development and testing methodologies along with experience in regulatory oversight is required. Knowledge of service-oriented architecture, event-driven integration, application framework architecture, application servers, application security, distributed systems, database environment, testing frameworks/methodologies and analytical techniques.
Knowledge of functional, load and regression testing frameworks is helpful. Knowledge of unit testing and automated testing principles is helpful. Knowledge of Federated Architecture and Model Driven Architecture principles is also helpful. Knowledge of UML, Use Case design and realization is helpful.
Expert knowledge in the iterative approach to software development and UML (Unified Modeling Language); development life cycle including testing processes and methods; object-oriented programming fundamentals; relational database design; general software development methodologies and practices; data structures; compilation and debugging tools. Advanced knowledge of networks; operating systems; current and emerging Internet technologies; experience with web servers.
Fundamental project management experience and full technical knowledge of all phases of SDLC is required.
Expert technical skills including experience with Object Oriented framework design and Web development. Expertise in enterprise systems and SOA, along with experience with software security and security vulnerabilities. Expertise in application architecture principles.
Other Requirements: Depending upon area of assignment/focus, necessary skills and experience may include one or more of the following:
* Java EE
* Software Security
* Ruby on Rails
* WebSphere MQ
* .NET Framework
* JSF/JSP/Struts (MVC)
* relational databases
* Web Development
* Web Accessibility
* web services
* Reactive web site design
* service-oriented architecture
* development and testing on mobile platforms
* object relational mapping frameworks
* MVC Framework