Total 2 Senior Executive level Legal / Public / Security job vacancies in Dallas, TX

Address:

Job Family Group:

About the role:

The Application Security Testing Engineer reports to the Senior Manager and assists with the security testing activities for BMO based applications. The role will be responsible for the execution and coordination of Static and Dynamic Application Security Testing (SAST/DAST), provides information security consulting services (SAST/DAST Scanning) for BMO overall and businesses/groups. Liaises with stakeholders to understand problems and opportunities and enables BMO to meet its goals by understanding business vision, objectives and KPIs. Participates in the execution of information security strategy.

What will you do:

• Subject Matter Expertise - Provides technical leadership to business areas as a Security Testing subject matter expert. Assists with efforts on the execution of security testing operations to include pre-engagement (scoping), engagement (testing) and post-engagement activities (reporting).
• Secure Testing - Assists in delivery of security testing projects according to a structured process, to include writing test reports. This may include oversight and/or execution of the configuration and deployment of security testing software and application of results to security analysis.
• Information Security Risk Management - Works with leadership to mature security testing team capabilities including reporting and remediation guidance in alignment with local and global regulatory requirements. Identifies security gaps and deficiencies by conducting risk assessments; able to recommend corrective action of identified vulnerabilities and weaknesses. Assists with the execution of planning, testing, tracking, and advises on necessary risk acceptance for identified security risks. 
• Secure Application Development - Assists with the execution of highly technical/analytical security assessments of custom web applications, mid-tier application services, backend mainframe applications and databases, including manual, custom and industry known attack methods using a risk-based intelligence-led methodology. Identifies potential misuse scenarios. Advises on secure development practices.

What you need to succeed:

• Typically between 5 - 7 years of relevant experience and a post-secondary degree in Computer Science or Information Systems or a related field of study or an equivalent combination of education and experience.
• Experience in testing web applications, APIs, mobile applications to identify vulnerabilities and weaknesses.
• Hands-on experience with dynamic application security (DAST) tools such as Burp Suite, OWASP ZAP, etc. Hands-on experience with static source code analysis (SAST) tools.
• Knowledge of coding languages (e.g. C#, JAVA, JavaScript, TypeScript, Python etc.) and can code with little oversight
• Knowledge of different rapid development processes, e.g. Waterfall, Agile, etc.
• Knowledge of coding vulnerabilities, frameworks, patching processes, Information Security risk and industry best practices, defense concepts, risk-based assessment approach
• Knowledge of OWASP Top 10, and the OWASP Testing Guide or other secure coding frameworks, NIST Cyber Security Framework (CSF)
• Understands the principles of secure coding techniques and secure code reviews, code scanning software and vulnerability code scanning processes, network protocols and connectivity.
• Industry certification is an asset - CISSP, CISSLP, CCSK, GIAC etc.
• Experience working in an Agile development environment, and ability to work effectively with cross-functional teams.

Compensation and Benefits:

Pay Type:

The above represents BMO Financial Group’s pay range and type.

Salaries will vary based on factors such as location, skills, experience, education, and qualifications for the role, and may include a commission structure. Salaries for part-time roles will be pro-rated based on number of hours regularly worked. For commission roles, the salary listed above represents BMO Financial Group’s expected target for the first year in this position.

BMO Financial Group’s total compensation package will vary based on the pay type of the position and may include performance-based incentives, discretionary bonuses, as well as other perks and rewards. BMO also offers health insurance, tuition reimbursement, accident and life insurance, and retirement savings plans. To view more details of our benefits, please visit: https://jobs.bmo.com/global/en/Total-Rewards

We’re here to help

At BMO we are driven by a shared Purpose: Boldly Grow the Good in business and life. It calls on us to create lasting, positive change for our customers, our communities and our people. By working together, innovating and pushing boundaries, we transform lives and businesses, and power economic growth around the world.

As a member of the BMO team you are valued, respected and heard, and you have more ways to grow and make an impact.  We strive to help you make an impact from day one – for yourself and our customers.  We’ll support you with the tools and resources you need to reach new milestones, as you help our customers reach theirs. From in-depth training and coaching, to manager support and network-building opportunities, we’ll help you gain valuable experience, and broaden your skillset.

To find out more visit us at http://jobs.bmo.com/us/en

BMO is committed to an inclusive, equitable and accessible workplace. By learning from each other’s differences, we gain strength through our people and our perspectives. BMO is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law. Accommodations are available on request for candidates taking part in all aspects of the selection process. To request accommodation, please contact your recruiter.

Note to Recruiters: BMO does not accept unsolicited resumes from any source other than directly from a candidate. Any unsolicited resumes sent to BMO, directly or indirectly, will be considered BMO property. BMO will not pay a fee for any placement resulting from the receipt of an unsolicited resume. A recruiting agency must first have a valid, written and fully executed agency agreement contract for service to submit resumes.

What You’ll Get to Do:

As the Senior Information Security Engineer, you’ll support software and systems engineering and interoperability engineering technical services to support the Government customer in their PDSS and PPSS mission for worldwide customers, including Program Executive Officers (PEOs) and their Project Managers (PMs) and Project Directors (PDs), Headquarters Department of the Anny (HQDA) and its components, and other Department of Defense (DoD) elements. The customer supports several Programs of Record (PORs) with all aspects of software sustainment services and in the future will support additional new programs.

More About the Role:

Additionally, you will be responsible for and/or involved with the following:

• Identify information protection needs for the Network Environment (NE).

• Define NE security requirements in accordance with applicable IA requirements (e.g., References (b) and organizational security policies).

• Provide system related input on IA security requirements to be included in statements of work and other appropriate procurement documents.

• Design security architectures for use within the NE.

• Design and develop IA or IA-enabled products for use within a NE.

• Integrate and/or implement CDS for use within a CE or NE.

• Develop and implement security designs for new or existing network system(s).

• Ensure that the design of hardware, operating systems, and software applications adequately address IA security requirements for the NE.

• Design, develop, and implement network security measures that provide confidentiality, integrity, availability, authentication, and non-repudiation.

• Design, develop, and implement specific IA countermeasures for the NE.

• Develop interface specifications for the NE.

• Develop approaches to mitigate NE vulnerabilities and recommend changes to network or network system components, as needed.

• Ensure that network system(s) designs support the incorporation of DoD-directed IA vulnerability solutions, e.g., IAVAs.

• Develop IA architectures and designs for DoD IS with medium integrity and availability requirements, to include MAC II systems as defined in References (b) and systems with a medium Level-of-Concern for availability or integrity in accordance with Reference, and other DAA designated systems.

• Develop IA architectures and designs for systems processing SCI that will operate at Protection Level 1 or 2 as defined in Reference (tv).

• Assess threats to and vulnerabilities of the NE.

• Identify, assess, and recommend IA or IA-enabled products for use within an NE ensure recommended products are in compliance with the DoD evaluation and validation requirements of References (b).

• Ensure that the implementation of security designs properly mitigate identified threats.

• Assess the effectiveness of information protection measures used by the NE.

• Evaluate security architectures and designs and provide input as to the adequacy of security designs and architectures proposed or provided in response to requirements contained in acquisition documents.

• Ensure security deficiencies identified during security/certification testing have been mitigated, corrected, or a risk acceptance has been obtained by the appropriate DAA or authorized representative.

• Provide input to IA C&A process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).

• Participate in an IS risk assessment during the C&A process and design security countermeasures to mitigate identified risks.

• Provide engineering support to security/certification test and evaluation activities.

• Document system security design features and provide input to implementation plans and standard operating procedures.

• Recognize a possible security violation and take appropriate action to report the incident.

• Implement and/or integrate security measures for use in network system(s) and ensure that system designs incorporate security configuration guidelines.

• Ensure the implementation of NE IA policies into system architectures.

• Ensure the implementation of subordinate CE IA policies is integrated into the NE system architecture.

• Obtain and maintain IA baseline certification appropriate to position.

You’ll Bring These Qualifications:

• Bachelor's degree in Computer Science, or other Engineering or Technical discipline with an Information Security or Cyber Security Concentration.

• TS/SCI Clearance

• Seven years of professional experience, appropriate computing environment certification, and IA SYSTEM ARCHITECT AND ENGINEER (IASAE) SPECIALTY qualified in accordance with standards spelled out in DoD 8570.01-M and the Army Information Assurance (IA) Training and Certification Best Business Practice, corrected 6 Aug 2010

• Prior experience in design, development, implementation, and/or integration of a DoD IA architecture, system, or system component for use within the Network Environment (NE) experience.

• Must have the ability to ensure that IA related IS will be functional and secure within the Network Environment and consequently the System of Systems environment.

• DoD 8570/8140 IAT-II certification

Note: Experience can substitute for college degree provided the person has BOTH the relevant experience AND is fully Information Assurance (IA) certified in accordance with AR 25-2, Information Assurance, and the associated best business practice for IA Training and certification (IA Training BBP).

What We Can Offer You:
- We’ve been named a Best Place to Work by the Washington Post.
- Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives.
- We offer competitive benefits and learning and development opportunities.
- We are mission-oriented and ever vigilant in aligning our solutions with the nation’s highest priorities.
- For over 60 years, the principles of CACI’s unique, character-based culture have been the driving force behind our success.

Company Overview:

CACI is an Equal Opportunity/Affirmative Action Employer.  All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other protected characteristic.

Pay Range: There are a host of factors that can influence final salary including, but not limited to, geographic location, Federal Government contract labor categories and contract wage rates, relevant prior work experience, specific skills and competencies, education, and certifications. Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives. We offer competitive compensation, benefits and learning and development opportunities. Our broad and competitive mix of benefits options is designed to support and protect employees and their families. At CACI, you will receive comprehensive benefits such as; healthcare, wellness, financial, retirement, family support, continuing education, and time off benefits. Learn more here

The proposed salary range for this position is: