
Application Security Lead - USCG APLES 2


Are you looking for a place to invest in your future? Then consider a position with TechFlow where we have been providing opportunities for individuals to explore, learn and develop their careers for more than 20 years. Here at TechFlow, you will work with best-of-breed technologies and work in a challenging, dynamic environment where opportunities for training and advancement are provided. TechFlow promotes a work-life balance and we offer:

Innovative compensation plans
Flexible Spending Plans
401K (with employer matching)
Employee Stock Ownership Plan
Life Insurance
Education Assistance.

TechFlow is an employee-owned technical services Government Contractor that provides quality IT services to the government in software development, business and process analysis, technology and scientific support services. TechFlow is committed to exceeding our clients' expectations by creating an intimate partnership where we work cohesively to help our clients solve their business problems using the latest in web-based and integration technologies. TechFlow is headquartered in San Diego, CA and has offices in Albuquerque, NM, Arlington, VA and Idaho Falls, ID.

TechFlow’s Digital Services Development Department, responsible for designing, developing and deploying software for the U.S. Government, has an opening for an Application Security Lead.

Note: This position is contingent upon successful contract award of the APLES 2 program.

Position Description:

The Application Security Lead will provide technical, administrative and security management services for the area of A&A by conducting IT evaluations and assessments and performing documentation support services for solutions developed by the program. Additionally, the Application Security Lead will ensure full compliance with the client IT security program.

Duties and Responsibilities:

- The Application Lead will lead a team of experts in managing, evaluating and auditing all Contract required IT systems to ensure compliance with client IT Security standards as set forth in the client IT Security program.
- Perform A&A of all Contract, Contractor-Supplied Images, applications and stand-alone systems and general support systems used in support of the client support services contract.
- Depending on the classification of a system, the Application Security Lead shall use the client guidelines for conducting information system certifications. In addition, the Application Security Lead shall use current Guides to the Certification and Accreditation Process as guidance for the client certification methodology.
- Comply with the defined A&A process. The process consists of (i) generating an information system initial risk assessment report, (ii) developing the system security plan (SSP), and (iii) supporting the security testing and evaluation, independent verification and validation, and independent audits. The SSP is updated in each phase/step as the system development progresses and new information becomes available.
- Obtain, retrieve, compile, draft and prepare necessary documentation for inclusion in the SSP. The Contractor shall ensure that all drafts go through Quality Assurance Review prior to delivery.
- Verify the accuracy of the System Security Plan (SSP), system architectural diagrams and identity of the systems being accredited as SBU, Classified, or higher levels.
- Provide guidance to application development teams on techniques and methods for incorporating good security practices into the development lifecycle.
- Experience with transitioning DIACAP to RMF.
- Perform and conduct independent Test and Evaluation to ensure that the system’s confidentiality, integrity and availability are maintained at the standards that are in accordance with client and Contract standards including Federal Information Processing Standards (FIPS) 140 and 199.
- Perform System Architectural Analysis to include review of network connections and interfaces, review system application specification and requirements, specifically those relevant to system security and review other pertinent system development life cycle documentation.
- Assemble packages at the direction of the Government Client or Contract Management and provide copies of the package as needed.
- Prepare the package for delivery to management in order to obtain signature from the Certification Authority, who grants certification and the DAA or Authorizing Official, who grants the accreditation, which results in an approval to operate the system.
- Monitor dashboards to ensure and assist in validating that all security criteria and regulatory requirements are maintained and that changes that affect the A&A documentation are denoted.
- Use the government-appointed tool to input information or create an A&A package during the A&A process.
- Maintain compliance with both client IT Security policies and client’s continuous monitoring reporting requirements as required by the Federal Information Security Modernization Act (FISMA).
- Responsible for the development of IT security policies and maintaining an acceptable level of integrity in use of IT on the contract. Responsible for developing IT security and protection training for all staff and specialized IT training for IT security staff.
- Responsible for reporting breaches or attempted breaches in IT security per the developed IT Security Plan.
- Responsible for developing the IT Security Plan.
- Report on program security status at monthly program reviews.

Required qualifications to be successful in this role:

- Due to the nature of the government contract requirements and/or clearance requirements, US citizenship is required.
- Must have a Master's Degree in a related field.
- Must have an active CISSP.
- ISC2 would be a plus.
- Must have a minimum of 10 years’ experience of Information Systems Security in support of the DHS or the DoD.
- Must be able to pass a CGI background check to start and maintain employment.
- Due to the nature of this government contract, US Citizenship is required.
- ITIL certification preferred

Please Note:
• TechFlow is an equal opportunity employer.
• Applicant selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information.
• U.S. Citizenship is required.
• Work location is in Kearneysville, WV


To comply with government Equal Employment Opportunity / Affirmative Action reporting regulations, we are requesting (but NOT requiring) that you enter this personal data. This information will not be used in connection with any employment decisions, and will be used solely as permitted by state and federal law. Your voluntary cooperation would be appreciated.

Invitation for Job Applicants to Self-Identify as a U.S. Veteran
  • A “disabled veteran” is one of the following:
    • a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or
    • a person who was discharged or released from active duty because of a service-connected disability.
  • A “recently separated veteran” means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.
  • An “active duty wartime or campaign badge veteran” means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.
  • An “Armed forces service medal veteran” means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Voluntary Self-Identification of Disability
Voluntary Self-Identification of Disability Form CC-305
OMB Control Number 1250-0005
Expires 1/31/2020
Why are you being asked to complete this form?

Because we do business with the government, we must reach out to, hire, and provide equal opportunity to qualified people with disabilities.[i] To help us measure how well we are doing, we are asking you to tell us if you have a disability or if you ever had a disability. Completing this form is voluntary, but we hope that you will choose to fill it out. If you are applying for a job, any answer you give will be kept private and will not be used against you in any way.

If you already work for us, your answer will not be used against you in any way. Because a person may become disabled at any time, we are required to ask all of our employees to update their information every five years. You may voluntarily self-identify as having a disability on this form without fear of any punishment because you did not identify as having a disability earlier.

How do I know if I have a disability?

You are considered to have a disability if you have a physical or mental impairment or medical condition that substantially limits a major life activity, or if you have a history or record of such an impairment or medical condition.

Disabilities include, but are not limited to:

  • Blindness
  • Deafness
  • Cancer
  • Diabetes
  • Epilepsy
  • Autism
  • Cerebral palsy
  • Schizophrenia
  • Muscular dystrophy
  • Bipolar disorder
  • Major depression
  • Multiple sclerosis (MS)
  • Missing limbs or partially missing limbs
  • Post-traumatic stress disorder (PTSD)
  • Obsessive compulsive disorder
  • Impairments requiring the use of a wheelchair
  • Intellectual disability (previously called mental retardation)
Reasonable Accommodation Notice

Federal law requires employers to provide reasonable accommodation to qualified individuals with disabilities. Please tell us if you require a reasonable accommodation to apply for a job or to perform your job. Examples of reasonable accommodation include making a change to the application process or work procedures, providing documents in an alternate format, using a sign language interpreter, or using specialized equipment.

[i] Section 503 of the Rehabilitation Act of 1973, as amended. For more information about this form or the equal employment obligations of Federal contractors, visit the U.S. Department of Labor's Office of Federal Contract Compliance Programs (OFCCP) website at

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.