Application Programmer (Cyber)

Oran Inc. is seeking a Secure Software Developer with strong experience in secure software development life cycle (SDLC), vulnerability testing, and application security. The ideal candidate will possess practical experience in Burp Suite, SpecFlow, Azure Defender for DevOps, and must demonstrate a moderate to expert understanding of the Department of Defense (DoD) and Department of the Army (DA) structure, regulations, and secure development policies. This role will play a critical part in delivering high-security applications aligned with the DoD/DA's mission and cybersecurity expectations.

Responsibilities:

• Design, develop, and maintain secure and scalable software applications that align with DoD and DA security policies and operational objectives.
• Implement security-focused coding practices, including static and dynamic code analysis.
• Utilize tools like Burp Suite for penetration testing and vulnerability scanning to ensure application security.
• Use SpecFlow to implement Behavior-Driven Development (BDD) testing strategies, ensuring robust automated testing coverage for secure features.
• Integrate Azure Defender for DevOps to manage security at each stage of the development lifecycle.
• Maintain comprehensive and secure CI/CD pipelines using Azure DevOps while embedding automated security checks and policies.
• Participate in security reviews, threat modeling, and code reviews.
• Collaborate with cybersecurity teams, developers, testers, and stakeholders to ensure security requirements are met.
• Ensure all developed applications are compliant with RMF, NIST 800-53, STIGs, and other applicable DoD/DA policies.
• Work closely with Information System Security Officers (ISSOs) and Authorization Officials (AOs) to align development with ATO requirements.
• Provide documentation and technical support during audits, vulnerability scans, and compliance reviews.

Required Qualifications:

• Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or related field.
• 5+ years of experience in secure software development.
• Proficient in at least one high-level programming language (C#, Java, Python, etc.).
• Hands-on experience with Burp Suite, SpecFlow, Azure Defender for DevOps.
• Experience integrating security into Agile and DevSecOps pipelines.
• Strong understanding of secure coding standards (OWASP Top 10, CWE/SANS Top 25, etc.).
• Demonstrated experience with DoD/DA systems and an understanding of DoD architecture, policy, and operational requirements.
• Familiarity with RMF, NIST, FISMA, and DoD STIGs.

Preferred Qualifications:

• Active DOD Clearance.
• Certifications: CSSLP, CISSP, Security+, CEH, or similar.
• Experience working on cloud-hosted environments, particularly Azure Government Cloud.
• Experience working with Army Futures Command, Army CIO/G-6, or similar organizations.
• Experience working within the Platform One, Iron Bank, or DoD DevSecOps reference architecture.
• Familiarity with DoD CAPs and secure integration with CAC/PIV-enabled systems.