Code Scanning & Vulnerability Management:
- Perform GitHub code scanning with CodeQL and dependency vulnerability alerting and updates with Dependabot.
- Conduct vulnerability analysis and secrets management to meet applicable security standards, and produce the documentation and reporting required for Authority to Operate (ATO) security authorization of FISMA information systems.
- Document findings, recommendations, and improvements. Generate regular reports on code quality metrics.
Threat Modeling & Risk Assessment:
- Conduct threat model analysis using the Microsoft Threat Modeling Tool.
- Research and address potential security issues in products, services, interfaces, protocols, and other components that may be introduced into the MHV environment.
Code Quality & Optimization:
- Perform code quality assessments using static analysis tools to identify code smells, anti-patterns, and areas for improvement.
- Conduct security scanning to identify vulnerability classes (e.g., those in the OWASP Top Ten) in the codebase.
- Optimize code performance, resolving bottlenecks, memory leaks, and resource-intensive areas.
CI/CD Integration & Automation:
- Integrate code analysis tools into CI/CD pipelines, ensuring code quality and security checks run automatically on every change.
- Develop scripts and automation tools using Python, Shell, or other scripting languages to streamline processes.
Documentation & Reporting:
- Prepare system, boundary, and authorization architectural diagrams using Visio.
- Support the ATO process by documenting scans, creating diagrams, gathering artifacts, and addressing Security Control Assessments.
Collaboration & Cross-functional Support:
- Work effectively with cross-functional teams, including developers, testers, and project managers, to ensure secure and efficient code releases.
Cloud Infrastructure & Containerization:
- Understand and work within AWS cloud infrastructure.
- Utilize virtualization technologies such as VMware, and containerization and orchestration tools such as Docker, Kubernetes, Rancher, and AWS EKS.