Job Descriptions

Use this tool to access job descriptions for your next hire. Search by skills or job titles and download the job description to help you get started. Tip: You can use this tool to help ensure your own resume is up-to-date with the latest job requirements.

You may search job titles by skills within a selected career category.
Information System Security Officer (ISSO)
Chief Information Security Officer (CISO)
Information Security (IS) Auditor
Security Architect
Security Automation Engineer
Secure Software Assessor
Cryptographer/Cryptanalyst
Information Systems Security Developer
Operational Technology Systems Analyst
Security Engineer
Supply Chain Security Analyst
Security Testing and Evaluation Specialist
Identity Management & Authentication Support Specialist
Encryption / Key Management Support Specialist
Data Privacy Specialist
Cybersecurity Operations Technician
Cybersecurity Incident Responder
Cybersecurity Malware Specialist
Digital Forensics Analyst
Cybersecurity Operations Analyst
Vulnerability Assessment Analyst
Information Systems Security Manager - Cybersecurity Operations
Threat Hunter
Cybersecurity Operational Technology Incident Responder
Penetration Tester
Data Scientist (AI)
Machine Learning Engineer
Computer Vision Engineer
Automation Process Engineer
IT Service Manager
Systems Engineer
Full Stack Developer
Front End Developer
User Interface Designer
User Experience Designer
Software Engineer
Programmer
Systems Analyst
Developer
Data Engineer
Data Scientist (Tech)
Data Analyst
Project Manager
Technical Recruiter
Product Manager
Social Media Manager
Business Analyst
Policy Analyst
Learning and Development Specialist
Architectural Designer
IT Author / Technical Writer
Cognitive Copywriter
Clinical Researcher / Coordinator
Legal Compliance Officer
IT Auditor
Deep Learning Engineer
Robotics Process Analyst
IT Program Manager
IT Procurement Officer
Network and Systems Administrator
Web Developer
Systems Architect
Online/Digital Learning Developer
Human Resources Analyst
Medical Coder/Programmer
Tech Sales and Customer Service
Business Intelligence Analyst
Graphic and Animation Designer
Digital Marketing / Communications

Secure Software Assessor

DESIGN & DEVELOP

Job Description

Other Titles Include:

  • Secure software developer/programmer
  • Software testing and evaluation specialists
  • Vulnerability analyst / assessor

Note: This role is most commonly found in large or medium-sized organizations. 

Reporting relationship

To be completed by the user of this job description as appropriate

Job purpose / summary

Given references, organizational security documentation, cyber security guidance and required tools and resources, analyzes the security of new or existing computer applications, software, or specialized utility programs and provides actionable results.

Duties and responsibilities

  • Define and validate business needs for security and the resulting security requirements
  • Review and analyze IT security architectures and design documents, together with related systems, protocols, services, controls, appliances, applications, encryption and cryptographic algorithms, against security requirements and industry standards
  • Research, analyze and implement secure application development processes and techniques
  • Analyze security data and provide advisories and reports
  • Develop and conduct software system or application testing and validation procedures, including programming and secure coding, and report on functionality and resiliency
  • Develop and review system use cases
  • Conduct vulnerability scans and reviews of software systems or applications, and examine the controls and measures required to protect them
  • Prepare reports on software systems, development activities, applications, patches or releases that would leave systems vulnerable
  • Develop countermeasures against potential exploitation of vulnerabilities in systems
  • Perform risk analysis whenever an application or system undergoes a change
  • Prepare technical reports such as IT security solution option analyses and implementation plans
  • Provide Independent Verification and Validation (IV&V) on software projects
  • Advise on software security policies, plans and practices
  • Review, develop and deliver training materials

Competencies:

Basic application of the following knowledge, skills and abilities (KSAs):

  • Security architecture concepts and enterprise information security architecture model
  • Security assessment and authorization processes
  • Software procurement processes and supply chain integrity assessments
  • IT security systems testing and evaluations tools, procedures and practices

Advanced application of the following KSAs:

  • Software engineering models, processes and principles
  • Software development lifecycle and software project management
  • Secure coding/software development operations processes, procedures, practices, tools and techniques
  • Business needs for security including compliance requirements
  • Data security characteristics and requirements
  • Security controls for software development
  • Software development standards
  • Secure software standards
  • Secure software testing and evaluation methodologies and processes
  • Vulnerability assessment and penetration testing methodologies and applications
  • Developing and testing threat models
  • Vulnerability scanning, assessment and analysis
  • Penetration testing activities and techniques
  • Investigating and analyzing software vulnerabilities and breaches
  • Establishing and managing a secure software/ web application testing environment
  • Advising on security requirements, policies, plans and activities
  • Drafting and providing briefings and reports to different audience levels (users, managers, executives)

Tools and Technology:

  • Software development tools, processes and protocols
  • Threat and risk assessment tools and methodologies
  • Protective and defensive systems, including firewalls, anti-virus software, intrusion detection and prevention systems, scanners and alarms
  • Open source software and application security information (e.g. OWASP)
  • Security information and event management (SIEM) systems and/or incident reporting systems and networks
  • Software security testing and evaluation tools and techniques
  • Authentication software and systems
  • Vulnerability management processes and vulnerability assessment systems, including penetration testing where used
  • Common vulnerability databases (e.g. CVE, NVD)
  • Software development collaboration sites (e.g. GitHub)
  • Security services provided, if applicable

Direct reports (if appropriate)

To be completed by the user of this job description as appropriate

Qualifications

Education. A relevant computer science degree or diploma related to programming, software design or software development, or equivalent training and experience.

Certifications. A valid industry-level certification in secure software development and software security testing.

Other relevant qualifications.

Typically follows formal education and 5-10 years’ experience in the software development field. This role often requires advanced training, education or experience related to secure software and vulnerability assessment activities for software / application security.

Key Attributes.

To be completed by the user of this job description as appropriate

Experience. Moderate experience (3-5 years) in software development followed by moderate experience (3-5 years) in secure software development activities.

Working conditions (if required)

If the job requires a person to work in special working conditions this should be stated in the job description. Special working conditions cover a range of circumstances from regular evening and weekend work, shift work, working outdoors, working with challenging clients, and so forth.

Physical requirements (if appropriate)

If the job is physically demanding, this should be stated in the job description. A physically demanding job is one where the incumbent is required to stand for extended periods of time, lift heavy objects on a regular basis, do repetitive tasks with few breaks, and so forth.