Senior Software Developer - USBE-MH25274-DO3 - BOE - BOE IT - IT

Description

• The Utah State Board of Education (USBE) is seeking strong Senior Software Developers to work on a new event driven microservices designed system which will impact every student and teacher in Utah. We are looking for highly motivated individuals experienced in secure coding practices Test Driven Development Domain Driven Design microservices design and with the ability to incorporate/integrate data visualization capabilities into web applications.

The Ideal Candidate:

• The ideal candidate for this position is a highly skilled and motivated full stack developer.
• They have extensive experience with C# .NET CSS and Angular and are highly familiar with
• Kubernetes Azure and CosmosDB. They are passionate about microservices Domain Driven Design containerization and event driven architecture with knowledge of how these affect security and coding standards throughout the environment. Theyve worked in TDD and understand the purpose of testing while developing. They understand and drive conversations for improvement are enthusiastic about new technologies and love to impart this knowledge and enthusiasm with others.

Principal Duties

As a Senior Software Developer your responsibilities will include:

• Microservices development including domain modeling.
• Utilize software development best practices.
• Implement secure coding standards and practices.
• Develop web applications using technologies such as .NET C# CSS Angular and Azure.
• Collaborate and communicate effectively in an agile environment.
• Apply an engineering mindset.
• Contribute to the team in analysis design and testing within a Selenium framework.
• Apply systems engineering concepts such as structured design supportability reliability scalability and maintainability to ensure that applications are optimized and loosely coupled.
• Experience with container orchestration and building apps in containers.
• Desire and ability to communicate and collaborate at a high level.
• Strong customer service and customer relations skills.
• Excellent communication skills.
• Able to identify and develop creative solutions to problems.
• Strong understanding of data collections and data flow.
• Other duties as assigned.

Requirements:

• Degree B.S. in Computer Science Information Technology or equivalent experience.
• Functional Experience 5 years experience with .NET C# CSS Angular Kubernetes Azure Typescript SCSS Selenium SpecFlow CosmosDB microservices design and other technologies and tools.
• Functional Experience 7 years experience using secure coding practices Test Driven Development Domain Driven Design and implementation.
• Agile/Scrum Candidates must demonstrate experience in an agile product environment to include deep understanding and experience with agile methodologies.
• Interpersonal Relationships Candidates must demonstrate the ability to work well with others of all personality types while demonstrating problemsolving and the ability to prioritize tasks.
• Communication Candidates must demonstrate the ability to communicate in verbal and written form with both technical and nontechnical personnel.
• Initiative Candidates must demonstrate success as a selfstarting hardworking and inquisitive worker.
• Teamwork Candidates must demonstrate the ability to work with crossfunctional teams to deliver on a common goal.

Bonus skills:

• Certifications
  • Finance or Education Domain experience
  • Penetration Testing Security testing experience with OWASP etc.
  • DevOps tools experience maintaining pipelines containerization etc.

What the USBE agrees to do:

• The USBE PD Coordinator will direct all work of the vendor.
• The USBE PD Coordinator will approve and sign weekly timesheets.
• The USBE PD Coordinator will provide the vendor with an annual evaluation of the vendors effectiveness in implementing the contracts scope of work.
• Resources may have access to sensitive data including student personally identifiable information (PII). Accordingly resources must comply with applicable security measures including possibly mandatory background and security checks. In addition to the terms of State of Utah Contract #IT2462 this engagement shall also be governed by the following terms and conditions regarding student data privacy.

GENERAL PROVISIONS:

• USBE reserves all right title and interest including all intellectual property and proprietary rights in and to system data Data and all related data and content.
• Contractor is hereby designated as an agent of USBE for the limited purpose of receiving PII to fulfill the purposes of this contract. Contractor may use the PII as provided herein but may not transfer or otherwise convey PII to any other person persons or entities.
• Contractor as USBEs agent shall comply with all applicable laws and regulations including but not limited to FERPA the Utah Family Education Rights and Privacy Act Utah Code 53E92 (UFERPA) and the Individuals with Disabilities Educational Act 30 U.S.C. 1400 et seq. and 34 C.F.R. Part 300 (IDEA).
• Any terms that by their nature would survive the expiration of completion or termination of this Contract shall survive.
• Contractor shall upon written request permit USBE or its designated representatives to perform an assessment audit examination or review of all of Contractors sites and environments in order to confirm Contractors compliance with this Contract; associated Contractors or Scopes of Work; and applicable laws and regulations.
• During the term of this Contract if USBE requests the Destruction of PII collected generated or inferred as a result of this Contract Contractor shall Destroy the information within five (5) calendar days after the date of the request. Contractor shall provide USBE with written confirmation of the date the data was Destroyed.
• USBE retains the right to use the established operational services to access and retrieve Data stored on Contractors infrastructure at its sole discretion.
• The USIMS project is comprised of professionals working in an environment supported by multiple vendors that provide contractor personnel. As a standard of workplace conduct it is inappropriate for contractors to discuss individual hourly rate or contract rate information in the workplace with anyone other than the USIMS Project Manager or USBE Information Technology Leadership.

ACCESS TO DATA:

• Contractor shall limit access to Data to Authorized Persons only and shall require a nondisclosure agreement be signed by all Authorized Persons prior to being granted access to Data.
• Contractor shall maintain past and current lists of all Authorized Persons maintain each nondisclosure agreement and shall permit inspection of the same by USBE upon request.
• Contractor shall maintain an audit trail for the duration of this Contract which reflects the granting and revoking of access privileges to Authorized Persons. A copy of this audit trail may be requested by USBE from Contractor at any time and shall be provided within 10 days of the USBE request.
• Contractor shall have strong access controls in place. Contractor shall disable and/or immediately delete unused and terminated Authorized Persons accounts and shall periodically assess account inactivity for potential stale accounts.
• Contractor shall provide annual mandatory privacy and security awareness and training for all Authorized Persons maintain past and current lists of Authorized Persons that have completed training and permit inspection of the same by USBE upon request.

USE AND DISCLOSURE OF DATA:

• Contractor shall not collect use or share Data beyond the purposes set forth as follows:
  • To carry out the Contractors responsibilities listed in this Statement of Work.
• Contractor shall share Data only for the purposes stated in Section 48.1 and only with the following entities:
  • Law enforcement agencies or individuals only as authorized by law or court order. Contractor receives such a request Contractor shall notify USBE within two (2) business days of the receipt of the request as permitted by law.
  • Click here to list additional entities.
• If Contractor seeks to publicly release Data Contractor must aggregate the Data by totaling the Data and reporting it at the group cohort school school district region or state level. Contractor shall upon request of USBE provide USBE with a document that lists the steps and methods the Contractor shall use to deidentify the information. Any aggregate data that is publicly released without being redacted using the methods in this section shall be considered an Incident. The following methods shall be used on any aggregated reports:
  • Aggregate data shall be reported publicly only if there is a sufficient number of individuals represented in any demographic or subgroup so that an individual cannot be identified.
  • Aggregated reports shall be redacted using complementary suppression methods that remove the risk of Data being identifiable using simple mathematics or formulas.
  • Aggregated reports shall be redacted to remove identifiability risks caused other prior releases of aggregate data by Contractor.
• Contractor shall not use Data for the purposes of Targeted Advertising except under the following conditions:
  • For adaptive learning or customized student learning purposes.
  • To market an educational application or product to a parent or legal guardian of a student if Contractor did not use Data shared by or collected per this Contract to market the educational application or product.
  • To use a recommendation engine to recommend to a student (i) content that relates to learning or employment within the thirdparty contractors internal application if the recommendation is not motivated by payment or other consideration from another party; or (ii) services that relate to learning or employment within the thirdparty contractors internal application if the recommendation is not motivated by payment or other consideration from another party;
  • To respond to a student request for information or feedback if the content of the response is not motivated by payment or other consideration from another party.
  • To use Data to allow or improve operability and functionality of the thirdparty contractors internal application.
• Contractor shall not sell or otherwise monetize Data except Data transferred through the purchase of merger with or otherwise acquisition of Contractors provided that all parties remain in compliance with this Contract.

SECURITY AND PROTECTION OF DATA:

• Contractor shall notify USBE of material system changes that may negatively impact the security of Data prior to such changes being implemented.
• If Contractor is given Data as part of this Contract the protection of Data shall be an integral part of the business activities of Contractor to ensure that there is no inappropriate or unauthorized use of Data. Contractor shall safeguard the confidentiality integrity and availability of Data.
• Contractor shall comply with and protect and maintain Data using methods that are at least as good as or better than that established in the State of Utahs Department of Technology Policies ().
• Contractor shall only transmit or exchange Data via secure means (ex. HTTPS or FTPS). Contractor shall not use store or process Data on any unencrypted portable or laptop computing device or any portable storage medium.
• Contractor shall store and maintain all Data in data centers located in the United States.
• Contractor shall permit its employees and Subcontractors to access Data remotely only via a secured manner such as Virtual Private Networks (VPN).
• Contractor shall store all Data as well as any backups made of that data in encrypted form using no less than 128bit key and include all Data as part of a designated backup and recovery process.
• Contractor shall enforce strong password protections on all devices and networks with access to or that store Data.

INCIDENTS:

• If Contractor becomes aware of an Incident involving Data by either Contractor or any of Contractors Subcontractors Contractor shall notify USBE within one (1) calendar day and cooperate with USBE regarding recovery remediation and the necessity to involve law enforcement if any.
• Contractor shall produce a written remediation plan that includes information about the cause and extent of the Incident and the actions Contractor will take to remediate the Incident and to reduce the risk of incurring a similar type of Incident in the future. Contractor shall present its analysis and remediation plan to USBE within ten (10) calendar days of notifying USBE of an Incident. USBE reserves the right to adjust this
• plan in its sole discretion. If Contractor cannot produce its analysis and plan within the allotted time USBE in its sole discretion may perform such analysis and produce a remediation plan and Contractor shall reimburse USBE for the reasonable costs thereof.
• In the event of an Incident Contractor shall provide USBE or its designated representatives with access seven (7) days a week twentyfour (24) hours a day for the purpose of evaluating mitigating or resolving the Incident.
• Unless Contractor can establish that Contractor or any of its Subcontractors is not the cause or source of the Incident Contractor shall be responsible for the cost of notifying each person whose personal information may have been compromised by the Incident.
• Disclosure of Data by Contractor or any Subcontractor for any reason may be cause for legal action by third parties against Contractor the State or their respective agents. Contractor shall indemnify save and hold harmless the State its employees and agents against any and all claims damages liability and court awards including costs expenses and attorney fees incurred as a result of any act or omission by Contractor or its employees agents Subcontractors or assignees pursuant to this Contract. Notwithstanding any other provision of this Contract Contractor shall be liable to the State for all direct consequential and incidental damages arising from an Incident caused by Contractor or its Subcontractors.