There are a variety of Secure Software Engineering opportunities across the Department, including supporting several specialized programs at the Cybersecurity and Infrastructure Security Agency (CISA), DHS Office of the Chief Information Officer (OCIO), and the Federal Emergency Management Agency (FEMA).

As a DHS Cybersecurity Service employee in the Technical Career Track, you will continually maintain and share your Secure Software Engineering expertise to perform a wide range of critical, complex, routine and non-routine tasks, including:

• Applying technical expertise to design, build, maintain, and oversee the development of secure custom software critical to support and safeguard Departmental or Component mission spaces.
• Serving as a technical expert and mentor to other team members by reviewing software systems and development processes for security, technical quality, maintainability, and reliability.
• Documenting secure development and code best practices to support Departmental or Component projects and programs, including security, coding, testing, and governance best practices for both government and contractor developed systems.
• Applying knowledge of software environments and source code quality, security, and stability to interpret existing code functionality and performance, taking appropriate corrective action as necessary.
• Writing secure and maintainable source code to address identified business needs.
• Working with other software engineers, DevOps engineers, testers, designers, and product managers to support the entire software development lifecycle (SDLC) from design and development through building and deploying secure, scalable, reliable, and maintainable software systems.
• Analyzing risks throughout the life of software systems to understand likely points of attack and failure, including the development process through operations and maintenance of deployed applications.
• Creating and continuously improving unit, functional, and end-to-end tests and analyzing results to prevent and remediate security issues and bugs.

Conditions of employment

• You must be a U.S. Citizen or national.
• You must be 18 years of age.
• Must be registered for the Selective Service (if you are a male).
• Must be able to obtain and maintain a security clearance. Security clearance levels may vary.
• Must be able to submit to a drug test and receive a negative result.
• Must be able to comply with ethics and standards of conduct requirements, including completing any applicable financial disclosure.
• May be required to serve a 3 year probationary period.
• While these positions are considered telework, some individuals must live within 2 hours driving distance to a DHS SCIF in either Chandler, AZ; Stennis, MS; Idaho Falls; Arlington, VA; Pensacola, FL; Springfield, VA or Washington, D.C.
• Remote work may be available for some positions.

Qualifications

This position is in the Technical Track across a range of career levels. Employees in this career track generally:

• Have between 5-15 years of cybersecurity work experience.
• Range from experienced cybersecurity professionals who apply technical expertise and independent judgement to perform cybersecurity work - to - recognized Federal cybersecurity technical authorities with uncommon technical expertise who advise on cybersecurity challenges impacting DHS and the Nation.

Depending on their career level, DHS Cybersecurity Service employees with a technical capability in Secure Software Engineering will generally apply their technical expertise to:

• Conducting software system planning and development to create new, and enhance existing, technical capabilities, following industry best practices for quality, security, scalability, and reliability.
• Giving full consideration to the security risks and mitigations for software systems throughout the software development lifecycle (SDLC) and is able to both create secure systems and review existing systems for potential security issues.
• Developing software using modern best practices and cross-functional knowledge of the entire software development landscape including agile methodologies, continuous integration and continuous deliver (CI/CD) processes, automated testing, and secure system design and analysis.
• Staying current on emerging technologies, trends, and practices and recommends pathways to implement such improvements to meet organizational goals and requirements.

• Demonstrated experience coding in at least one modern programming language.
• Demonstrated experience using algorithms and data structures.
• Demonstrated experience implementing modern secure software development best practices (e.g., automated testing, agile development, and CI/CD)
• Demonstrated experience with system design, especially of distributed, cloud-based systems.
• Demonstrated exposure to common security vulnerabilities in software and how to guard against them (e.g., XSS, DoS, SQL injection, CSRF, etc.).

How you will be evaluated

You will be evaluated for this job based on how well you meet the qualifications above.

All DHS Cybersecurity Service applicants participate in a multi-phase assessment process, which varies by career track. For the Technical Career Track, applicants participate in a three-phase assessment process:

• You must successfully complete each phase to advance to the next phase.
• The total time commitment for the three phases is approximately 5 hours (many applicants require less time!).
• Before each phase, DHS will e-mail you instructions and information to help you prepare.
• Assessments are time sensitive, so monitor your e-mail to ensure you have plenty of time to complete them prior to any deadlines.

• Unproctored - you choose the time and location.
• Includes two assessments: (1) a work styles inventory that will take about 30 minutes to complete; (2) a work simulation that you will have up to 2 hours to complete.
• The two assessments take about 90 minutes (on average) to complete.
• Requires a computer with audio (speakers or headphones) and a reliable internet connection.
• No knowledge of DHS or cybersecurity is required for these assessments, which measure non-technical capabilities that are important for professional success in the DHS Cybersecurity Service. This includes how you communicate, analyze information, and collaborate with others:
  • The work styles inventory presents you with questions about your work-related interests and preferences.
  • The work simulation presents you with realistic, work-related scenarios and asks you to respond to them.

PHASE II: TECHNICAL CAPABILITY ASSESSMENT

• Proctored - must be scheduled in advance and completed at a designated assessment center.
• There is a different assessment for each DHS Cybersecurity Service technical capability (visit Jobs to learn more about the technical capabilities).
• Most individuals only have a primary technical capability and complete only one Technical Capability Assessment, but in limited circumstances, you may complete a second Technical Capability Assessment.
• You will have up to 2.5 hours to complete each Technical Capability Assessment; each takes about 90 minutes (on average) to complete.
• Assessments present realistic, work-related cybersecurity scenarios and questions to assess technical skills.
• Cybersecurity knowledge is assessed, but no knowledge of DHS is required.

PHASE III: STRUCTURED TECHNICAL INTERVIEW

• Live Interview, either virtual or in-person.
• Includes two 90-minute scenario-based interviews used to further assess your technical proficiency in this technical capability.