ANALYGENCE is seeking a skilled Security Software Engineer with a strong foundation in reverse engineering, penetration testing, and secure software development. This role will contribute to the design, analysis, and testing of secure systems and applications, with a focus on offensive security capabilities in complex DoD and enterprise environments. This position will provide support to NSWCDD located in Dahlgren, VA, or Virginia Beach, VA.

 

Responsibilities:

 

       Perform penetration testing and Red Team operations, simulating adversary tactics using tools such as Kali Linux, Metasploit, NMAP, and Cobalt Strike.      Reverse engineer and debug compiled and source code to identify vulnerabilities and develop remediation strategies.      Conduct static source code analysis, participate in code reviews, and author secure coding recommendations.      Develop and debug software and scripts in Python, C, C#, C++, Go, Perl, PowerShell, PHP, ASP, Java, HTML, SQL, and NoSQL environments.       Analyze and monitor systems using Windows Event Logs, Linux syslogs, boot logs, and dmesg.      Design and maintain GUIs; manage configuration using tools such as Rational ClearCase.       Identify flaws in systems running VxWorks, LynxOS, and enterprise operating systems (Windows, HP-UX, UNIX, Solaris, Linux).      Work with virtualization and enterprise platforms such as VMware NSX, vCenter, vRealize Suite, Horizon View (VDI).       Apply DISA STIGs and security best practices across on-premise and hybrid infrastructures.       Implement NSA-approved encryption technologies and integrate secure protocols and firewalls (PAN-OS, FirePower, Nexus, IOS, ASA).       Administer and secure directory services including Active Directory, Entra ID (Azure AD), with integration for SSO, MFA, Azure App Integration, and Identity Federation.       Automate processes using PowerShell, PowerAutomate, Logic Apps, and Graph API.       Manage and secure environments with NetApp ONTAP, SnapMirror, and Microsoft 365 in hybrid deployments.      Conduct Red Team operations in Microsoft Defender for Endpoint (MDE) environments.       Perform Web Application Penetration Testing for RESTful/SOAP services and OAuth2, SAML, LDAP protocols.      Support cloud-native security efforts within AWS, including services like EC2, S3, RDS, KMS, and microservice/serverless architectures.      Recommend secure software architecture enhancements and contribute to tool/exploit/C2 development.Minimum of 5 years of experience in software engineering applied to program development; modeling and simulation applied to DoD or IT Systems.Minimum of 5 years of experience in: Firm grasp of LinuxAssociated training: COMPTIA Linux+ or FedVTE Linux+ Minimum of 5 years of experience in: Firm grasp of WindowsAssociated training: Microsoft Courses (MCSA or related) Working knowledge of common Penetration Testing tools i.e. Kali, Metasploit, NMAP, Cobalt StrikeMinimum certification as a Pen Tester and possess one of the following certifications/qualifications: CEH, OSCP, GPEN, OSEE, OSWP, GXPN, OSD Sponsored COAC, Capture the Flag , Hack the Box, or USS Secure CTF participant, or security research resulting in CVE Experience with programing languages such as Python, C, C Sharp, C++, Go, Perl, PowerShellMinimum IAT Level II per DoD 8570.01Strong understanding of DoD Cybersecurity policies for both Land Based and afloat/tactical systems.Ability to communicate clearly and succinctly in written and oral presentations.Minimum Active Secret Clearance.