There are a variety of Secure Software Engineering opportunities across the Department, including supporting several specialized programs at the Cybersecurity and Infrastructure Security Agency (CISA), DHS Office of the Chief Information Officer (OCIO), and the Federal Emergency Management Agency (FEMA).

As a DHS Cybersecurity Service employee in the Technical Career Track, you will continually maintain and share your Secure Software Engineering expertise to perform a wide range of critical, complex, routine and non-routine tasks, including:

• Applying technical expertise to design, build, maintain, and oversee the development of secure custom software critical to support and safeguard Departmental or Component mission spaces.
• Serving as a technical expert and mentor to other team members by reviewing software systems and development processes for security, technical quality, maintainability, and reliability.
• Documenting secure development and code best practices to support Departmental or Component projects and programs, including security, coding, testing, and governance best practices for both government and contractor developed systems.
• Applying knowledge of software environments and source code quality, security, and stability to interpret existing code functionality and performance, taking appropriate corrective action as necessary.
• Writing secure and maintainable source code to address identified business needs.
• Working with other software engineers, DevOps engineers, testers, designers, and product managers to support the entire software development lifecycle (SDLC) from design and development through building and deploying secure, scalable, reliable, and maintainable software systems.
• Analyzing risks throughout the life of software systems to understand likely points of attack and failure, including the development process through operations and maintenance of deployed applications.
• Creating and continuously improving unit, functional, and end-to-end tests and analyzing results to prevent and remediate security issues and bugs.

Conditions of employment

• You must be a U.S. Citizen or national.
• You must be 18 years of age.
• Must be registered for the Selective Service (if you are a male).
• Must be able to obtain and maintain a security clearance. Security clearance levels may vary.
• Must be able to submit to a drug test and receive a negative result.
• Must be able to comply with ethics and standards of conduct requirements, including completing any applicable financial disclosure.
• May be required to serve a 3 year probationary period.
• While many of these positions are considered telework eligible, some individuals must live within 2 hrs driving distance to a DHS SCIF in either Chandler, AZ; Stennis, MS; Idaho Falls, ID; Arlington, VA; Pensacola, FL; Springfield, VA or D.C.
• Remote work may be available for some positions.

Qualifications

This position is in the Technical Track for the DHS Cybersecurity Service across a range of career levels. Employees in this career track generally: Note: Please see the Secure Software Engineering specific qualifications below for additional information.

• Have between 5-15 years of cybersecurity work experience, including work within Secure Software Engineering.
• Range from experienced cybersecurity professionals who apply technical expertise and independent judgement to perform cybersecurity work - to - recognized Federal cybersecurity technical authorities with uncommon technical expertise who advise on cybersecurity challenges impacting DHS and the Nation.

Depending on their career level, DHS Cybersecurity Service employees with a technical capability in Secure Software Engineering will generally apply their technical expertise to:

• Conducting software system planning and development to create new, and enhance existing, technical capabilities, following industry best practices for quality, security, scalability, and reliability.
• Giving full consideration to the security risks and mitigations for software systems throughout the software development lifecycle (SDLC) and is able to both create secure systems and review existing systems for potential security issues.
• Developing software using modern best practices and cross-functional knowledge of the entire software development landscape including agile methodologies, continuous integration and continuous deliver (CI/CD) processes, automated testing, and secure system design and analysis.
• Staying current on emerging technologies, trends, and practices and recommends pathways to implement such improvements to meet organizational goals and requirements.

• Demonstrated experience coding in at least one modern programming language.
• Demonstrated experience using algorithms and data structures.
• Demonstrated experience implementing modern secure software development best practices (e.g., automated testing, agile development, and CI/CD)
• Demonstrated experience with system design, especially of distributed, cloud-based systems.
• Demonstrated exposure to common security vulnerabilities in software and how to guard against them (e.g., XSS, DoS, SQL injection, CSRF, etc.).

How you will be evaluated

You will be evaluated for this job based on how well you meet the qualifications above.

All DHS Cybersecurity Service applicants participate in a multi-phase assessment process, which varies by career track. For the Technical Career Track, applicants participate in a three-phase assessment process:

• You must successfully complete each phase to advance to the next phase.
• The total time commitment for the three phases is approximately 5-6 hours (many applicants require less time!).
• Before each phase, DHS will e-mail you instructions and information to help you prepare.
• Assessments are time sensitive, so monitor your e-mail to ensure you have plenty of time to complete them prior to any deadlines.

• Unproctored - Completed online within a prescribed period of time
• Includes two assessments: (1) a work styles inventory that will take about 30 minutes to complete; (2) a work simulation that you will have up to 2 hours to complete.
• The two assessments take about 90 minutes (on average) to complete.
• Requires a computer with audio (speakers or headphones) and a reliable internet connection.
• No knowledge of DHS or cybersecurity is required for these assessments, which measure non-technical capabilities that are important for professional success in the DHS Cybersecurity Service. This includes how you communicate, analyze information, and collaborate with others:
  • The work styles inventory presents you with questions about your work-related interests and preferences.
  • The work simulation presents you with realistic, work-related scenarios and asks you to respond to them.

Applicants who successfully complete Phase I will undergo a resume review to confirm required experience. Applicants who pass this review will be invited to complete Phase II - an online Code Challenge.

NOTE: Your resume must explicitly indicate relevant coding experience within the first 3 pages of your resume. If more than 3 pages are submitted, only the first 3 pages will be reviewed to determine your eligibility for Phase II - online Code Challenge.

PHASE II: CODE CHALLENGE

• Un-proctored - Completed online within a prescribed period of time.
• You will have up to 40 minutes to complete the Code Challenge.
• You will be asked to write programs or define logic in functions to produce the expected output.
• Software Engineering and general cybersecurity knowledge is assessed, but no knowledge of DHS or Federal cybersecurity policy is required.

PHASE III: STRUCTURED TECHNICAL INTERVIEW

• This interview is conducted live, either virtual or in-person.
• This phase includes two 90 minute scenario-based interviews. These interviews will be used to further assess your technical proficiency.