**Position Title:** Software Assurance Engineer Internship **Location:** Schriever Space Force Base, Colorado Springs, CO or Redstone Arsenal, Huntsville, AL **Relocation Assistance:** None available at this time **Remote/Telework:** NO - Not available for this position **Clearance Type:** DoD Secret **Shift:** Day shift **Travel Required:** Up to 10% of the time \#cjpost **Description of Duties:** The **Software Assurance Engineer Internship** supports the Missile Defense Agency (MDA) on the Integrated Research and Development for Enterprise Solutions (IRES) contract. The candidate will: • Learn to perform software security audits identifying risks associated with software and provide a comprehensive security assessment for the MDA IC ISSM.- This will include known vulnerabilities published to the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). • Discover and compile a list of dependencies/bill of materials for software being audited. • Use of various tools to discover vulnerabilities within a software application. • Use various programming/scripting/query languages to correlate industry best practices for secure software development. • Identify common security issues including input validation, error and exception handling, logging, access controls, SQL • Injection, cross-site scripting (XSS), etc. and articulate how to mitigate or reduce their impact. • Help correlate Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG) vulnerabilities and other policies with vulnerabilities discovered and documenting them to be consumable by a wide audience. • Monitor a queue of requests for software security audits. • Assist with developing reporting metrics for team activities. • Occasional Interaction with requesters of varied backgrounds to determine use-case scenarios, understand application architecture and to help determine risk mitigation strategies. **The successful candidate will:** • Have excellent written, verbal and interpersonal communication skills • Be able to independently perform all aspects of software code auditing. • Be able to translate technical data into a format understood by individuals form varied backgrounds. • Be articulate, in both written and verbal communication, able to brief senior Contract and Government leadership. • Work in a fast-paced, high-pressure, changing environment. • Be able to use the STIG viewer and identify, understand and apply STIGs required for review of the software. • Have a strong commitment to a team environment. • Possess a willingness to learn new technologies. • Be able to de-conflict request/requirements. **Resumes, in month and year format, must be submitted with application in order to be considered for the position. The selected candidate may be assigned as an employee for one of our teammate companies.** **Basic Requirements:** Must have one of the following combinations of education and experience: HS Diploma (or GED) and 1 year of general experience; Associate’s degree, or higher, and 0 years of general experience • Must be able to comprehend complex technical documentation and be able to interpret to a wide audience. • Must be able to maintain a restricted badge and work on site 3+ days per week. • Must have a current IAT Level II Certification (Security+ CE) or be able to obtain within 3 months of hire. • Must have, or be able to obtain, an active DoD Secret Clearance **Desired Requirements:** • Be able to perform manual code reviews to filter out false positive results for automated code review findings. • Be familiar with secure programming theory, common software and database security vulnerabilities, and remediation processes. • Have experience with one/any of the following languages/technologies: .NET, VB, Java, C+, C++, C, JavaScript, Python, PowerShell, Team Foundation Server (TFS), JIRA, Get, Internet Information Service (IIS), Tomcat, Docker, Kubernetes, SQL Server, Oracle Database, Angular, MVC, HTML, ASP, Bash, and Perl. • Be proficient in using Fortify Source Code Analyzer (SCA). • Have excellent written, verbal and interpersonal communications skills. • Have a Microsoft Development certification such as Azure, Foundations, etc. • Have a familiarity with the MDA and BMDS programs. This position is expected to pay **$43,000** annually; depending on experience, education, and any certifications that are directly related to the position. This position will be posted for a minimum of 3 days. If a candidate has not been selected at that time, it will continue to be posted until a suitable candidate is selected or the position is closed. Our health and welfare benefits are designed to invest in you, and in the things that you care about. Your health. Your well-being. Your security. Your future. Typical benefits offered include flexible work schedules, educational reimbursement, retirement benefits (401K match), employee stock purchase plan, health benefits, tax saving options, disability benefits, life and accident insurance, voluntary benefits, paid time off and paid holidays, and parental leave.