Applications Security Engineer

Westminster, CO 80234

Posted: 04/17/2019 | Employment Type: Contract | Industry: Engineering | Job Number: 80190
Job Description
Work with the trains (Agile release trains) to understand and document the current landscape of third-party library (3PL) usage:
  • Which versions of which 3PLs are used by the software developed by each train?
  • Where do trains use different versions of the same 3PL?
  • Which 3PLs in use are flagged by the 3PL scanning tool WhiteSource as having a known vulnerability?
Facilitate technical conversations with the trains to determine which version of a 3PL should be used where different versions, or flagged versions, are in use.
  • Work with the trains and the Communities of Practice for the primary languages of P20/20 (Java, Ruby, Python) to establish practices for how library usage is controlled within the software. One example is, in the Maven POM of Java software, the practice of declaring each dependency and its version explicitly at the lowest library level rather than relying on implicit transitive resolution.
Establish two lists of 3PLs:
  • Currently Used – the 3PLs currently used by all P20/20 software
  • Recommended – the list we recommend consolidating down to
Work with the IT pipeline group to determine what tool/format should be used to document the “Currently Used” and “Recommended” lists such that:
  • Pipeline scanning tools can automatically update the ‘Currently Used’ list each time the software code base is scanned.
  • Pipeline code promotion gates can automatically compare the ‘Currently Used’ list against the ‘Recommended’ list and halt promotion when they don’t match.
  • Human-readable copies of the lists can be produced for use by the trains to monitor compliance and by Information Assurance in communications with the customer.
  • Work with the SecOps 2.0 program and the IT Pipeline team to fund, define, and schedule the development and activation of pipeline tools that determine which libraries are used, compare them against the Recommended list, and halt software promotion when a mismatch occurs.
  • Work with the Information Assurance group to ensure that our desired ‘Recommended’ list is in compliance with any ‘approved’ lists maintained by the customer.
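The promotion gate described above, as an added illustration (this is example code, not a P20/20 or WhiteSource artifact): it regenerates the ‘Currently Used’ list from scanner rows, compares it with the ‘Recommended’ list, and refuses promotion on any unapproved library, version drift, or the same library present at more than one version across components. The row layout, the library names and the versions are constructed for the example; a real pipeline would feed in the scanner’s own export (for instance an SBOM) in place of the inline rows.

```python
"""Pipeline gate for third-party library (3PL) usage.

Builds the 'Currently Used' list from scanner rows, compares it with the
'Recommended' list and reports anything that should halt promotion.
"""
import sys
from collections import defaultdict
from dataclasses import dataclass

# Constructed scanner output: one row per (component, library, version).
# The row layout, names and versions are assumptions made for this example.
SCAN_ROWS = [
    {"component": "billing-svc", "ecosystem": "maven", "library": "org.example:json-core", "version": "2.4.1"},
    {"component": "billing-svc", "ecosystem": "maven", "library": "org.example:http-client", "version": "5.0.3"},
    {"component": "ledger-svc", "ecosystem": "maven", "library": "org.example:json-core", "version": "2.2.0"},
    {"component": "reports-api", "ecosystem": "pypi", "library": "examplecsv", "version": "1.8.0"},
    {"component": "reports-api", "ecosystem": "pypi", "library": "leftpadx", "version": "0.1.0"},
    {"component": "portal", "ecosystem": "rubygems", "library": "examplerack", "version": "3.1.2"},
]

# Constructed 'Recommended' list: the single version each approved 3PL should
# consolidate to. Anything absent from this map is treated as unapproved.
RECOMMENDED = {
    ("maven", "org.example:json-core"): "2.4.1",
    ("maven", "org.example:http-client"): "5.0.3",
    ("pypi", "examplecsv"): "1.8.0",
    ("rubygems", "examplerack"): "3.1.2",
}


@dataclass(frozen=True)
class Finding:
    kind: str  # "multiple_versions" | "version_drift" | "unapproved"
    ecosystem: str
    library: str
    detail: str


def currently_used(rows):
    """Build the 'Currently Used' list: {(ecosystem, library): {version: {components}}}."""
    used = defaultdict(lambda: defaultdict(set))
    for r in rows:
        used[(r["ecosystem"], r["library"])][r["version"]].add(r["component"])
    return used


def evaluate(used, recommended):
    """Compare 'Currently Used' against 'Recommended' and return all findings."""
    findings = []
    for (eco, lib), versions in sorted(used.items()):
        # Same library at several versions across trains/components.
        if len(versions) > 1:
            detail = "; ".join(f"{v} in {', '.join(sorted(c))}" for v, c in sorted(versions.items()))
            findings.append(Finding("multiple_versions", eco, lib, detail))
        want = recommended.get((eco, lib))
        if want is None:
            findings.append(Finding("unapproved", eco, lib,
                                    f"not on Recommended list (used: {', '.join(sorted(versions))})"))
            continue
        # Approved library, but a component uses a version other than the recommended one.
        for v, comps in sorted(versions.items()):
            if v != want:
                findings.append(Finding("version_drift", eco, lib,
                                        f"{v} used by {', '.join(sorted(comps))}; recommended {want}"))
    return findings


def gate(rows, recommended):
    """Return (promote, findings); promote is False whenever any finding exists."""
    findings = evaluate(currently_used(rows), recommended)
    return (not findings, findings)


def render_report(findings):
    """Human-readable copy of the result for the trains and Information Assurance."""
    if not findings:
        return "PASS: Currently Used matches Recommended\n"
    lines = ["BLOCK: promotion halted", ""]
    lines += [f"[{f.kind}] {f.ecosystem}/{f.library}: {f.detail}" for f in findings]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    ok, found = gate(SCAN_ROWS, RECOMMENDED)
    print(render_report(found), end="")
    sys.exit(0 if ok else 1)  # non-zero exit is what halts the promotion stage
```

Run as a pipeline step, the non-zero exit code is the halt; the rendered report is the human-readable copy. The gate intentionally fails closed: a library missing from the Recommended list blocks promotion rather than being waved through, so the list has to be kept current as the trains consolidate.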
Additional Job Description
Basic Competencies
  • Active security clearance is a plus, but not required
  • Bachelor’s degree or Master’s Degree preferred
  • 5+ years overall experience working in the software development industry, preferably in a microservices-based back-office infrastructure.
  • Basic understanding of how 3PLs are used by Java, Ruby, Python, and Angular, and of the tools these languages use to control 3PL usage (e.g. Maven, RubyGems, npm).
  • Strong leadership, management, analytical, communications skills
  • Program and project management competency
  • Excellent written and oral communication
Preferred Requirements
  • Hands on experience developing software using 3PLs
  • Familiarity with SAFe Agile practices and/or experience using Rally Software.
For more information contact Mark Johnston at 714-901-3804 or apply online.