Skip to main content
U.S. flag

An official website of the United States government

Here’s how you know

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

HTTPS

Secure .gov websites use HTTPS
A lock (LockA locked padlock) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cybersecurity & Infrastructure Security Agency
America's Cyber Defense Agency

Search

 
 
  • Topics
    Cybersecurity Best Practices
    Cyber Threats and Advisories
    Critical Infrastructure Security and Resilience
    Election Security
    Emergency Communications
    Industrial Control Systems
    Information and Communications Technology Supply Chain Security
    Partnerships and Collaboration
    Physical Security
    Risk Management
    How can we help?
    GovernmentEducational InstitutionsIndustryState, Local, Tribal, and TerritorialIndividuals and FamiliesSmall and Medium BusinessesFind Help Locally
  • Spotlight
  • Resources & Tools
    All Resources & Tools
    Services
    Programs
    Resources
    Training
    Groups
  • News & Events
    News
    Events
    Cybersecurity Alerts & Advisories
    Directives
    Request a CISA Speaker
    Congressional Testimony
  • Careers
    Benefits & Perks
    HireVue Applicant Reasonable Accommodations Process
    Hiring
    Resume & Application Tips
    Students & Recent Graduates
    Veteran and Military Spouses
    Work @ CISA
  • About
    Culture
    Divisions & Offices
    Regions
    Leadership
    Doing Business with CISA
    Contact Us
    Site Links
    Reporting Employee and Contractor Misconduct
    CISA GitHub
Report a Cyber Issue
America's Cyber Defense Agency
Breadcrumb
  1. Home
  2. Careers at CISA
Share:

Careers

  • Benefits & Perks
  • HireVue Applicant Reasonable Accommodations Process
  • Hiring
  • Resume & Application Tips
  • Students & Recent Graduates
  • Veteran and Military Spouses
  • Work @ CISA

Secure Software Assessor

CISA Secure Software Assessor

This role analyzes the security of new or existing computer applications, software, or specialized utility programs and provides actionable results.

Personnel performing this work role may unofficially or alternatively be called:

  • Information Assurance (IA) Software Developer
  • Information Assurance (IA) Software Engineer
  • Security Engineer
  • Secure Software Engineer
  • Application Security Analyst/Engineer
  • Application Security Tester
  • Software Quality / Quality Assurance Engineer
  • Software Assurance Analyst
  • Security Requirements Analyst

Skill Community: Cybersecurity
Category: Securely Provision
Specialty Area: Software Development
Work Role Code: 622

Core Tasks

  • Develop secure software testing and validation procedures. (T0456)
  • Perform secure program testing, review, and/or assessment to identify potential flaws in codes and mitigate vulnerabilities. (T0516)
  • Address security implications in the software acceptance phase including completion criteria, risk acceptance and documentation, common criteria, and methods of independent testing. (T0217)
  • Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change. (T0181)
  • Apply coding and testing standards, apply security testing tools including "'fuzzing" static-analysis code scanning tools, and conduct code reviews. (T0013)
  • Determine and document software patches or the extent of releases that would leave software vulnerable. (T0554)
  • Identify security issues around steady state operation and management of software and incorporate security measures that must be taken when a product reaches its end of life. (T0118)
  • Identify basic common coding flaws at a high level. (T0111)
  • Consult with engineering staff to evaluate interface between hardware and software. (T0040)

Core Competencies

  • Data Privacy
  • Information Assurance
  • Information Systems/Network Security
  • Operating System
  • Risk Management
  • Software Development
  • Software Testing and Evaluation
  • Systems Administration
  • Systems Testing and Evaluation
  • Threat Analysis
  • Vulnerability Assessment

Core Knowledge

  • Knowledge of cybersecurity and privacy principles. (K0004)
  • Knowledge of computer networking concepts and protocols, and network security methodologies. (K0001)
  • Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy. (K0003)
  • Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). (K0002)
  • Knowledge of cyber threats and vulnerabilities. (K0005)
  • Knowledge of specific operational impacts of cybersecurity lapses. (K0006)
  • Knowledge of Personally Identifiable Information (PII) data security standards. (K0260)
  • Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). (K0044)
  • Skill in discerning the protection needs (i.e., security controls) of information systems and networks. (S0034)
  • Knowledge of operating systems. (K0060)
  • Knowledge of information technology (IT) risk management policies, requirements, and procedures. (K0263)
  • Knowledge of cybersecurity principles and methods that apply to software development. (K0039)
  • Knowledge of software quality assurance process. (K0153)
  • Knowledge of secure software deployment methodologies, tools, and practices. (K0178)
  • Skill in using code analysis tools. (S0174)
  • Knowledge of secure configuration management techniques. (K0073)
  • Knowledge of organization's evaluation and validation requirements. (K0028)
  • Skill in secure test plan design (e. g. unit, integration, system, acceptance). (S0135)
  • Skill in designing countermeasures to identified security risks. (S0022)
  • Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code). (K0070)
  • Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems. (S0001)

How To Apply

Join the Mission! CISA is always searching for diverse, talented, and highly motivated professionals to continue its mission of securing the nation's critical infrastructure. CISA is more than a great place to work; our workforce tackles the risks and threats that matter most to the nation, our families, and communities.

To join this mission, visit USAJOBs and/or the DHS Cybersecurity Service to view job announcements and to access the application. Be sure to tailor your resume to the specific job announcement, attach relevant documents, and complete all required assessments.

When applying for CISA's cyber positions, please review CISA's cyber roles above and update your resume to align your experience with the listed competencies. Your resume must also show demonstrated cyber/IT related experience in:

  • Attention to Detail
  • Customer Service
  • Oral Communication
  • Problem Solving

To receive email notifications when new CISA positions are announced, set up a "saved search" on USAJOBs with keyword "Cybersecurity and Infrastructure Security Agency."

Individuals eligible for special hiring authorities may also be considered during CISA's one-stop hiring events or by emailing Veterans@cisa.dhs.gov or Careers@cisa.dhs.gov.

Return to top
  • Topics
  • Spotlight
  • Resources & Tools
  • News & Events
  • Careers
  • About
Cybersecurity & Infrastructure Security Agency
  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Instagram
  • RSS
CISA Central 888-282-0870 Central@cisa.dhs.gov
DHS Seal
CISA.gov
An official website of the U.S. Department of Homeland Security
  • About CISA
  • Accessibility
  • Budget and Performance
  • DHS.gov
  • FOIA Requests
  • No FEAR Act
  • Office of Inspector General
  • Privacy Policy
  • Subscribe
  • The White House
  • USA.gov
  • Website Feedback