We are pleased to present the following job opportunity with our client! Take a look and if you meet the requirements please submit your resume and we'll be in touch if you're a good fit!
You will be knowledgeable about the business risks associated with common security vulnerabilities and able to communicate those vulnerabilities effectively to application developers and/or senior managers who may have little to no experience with application security.
The ability to work independently in a very large-scale enterprise setting is a great skill to possess. Previous experience as an application security professional with a large financial institution is a plus.
• BS/MS in Computer Science (or relevant work experience in a large scale IT environment)
• Experience conducting vulnerability assessments, code reviews and penetration tests against web/mobile application technologies, services, platforms and languages to find flaws and exploits (e.g. SQL Injection, Cross-Site Scripting, Cross-Site Request Forgery, Clickjacking, Authentication/Authorization, Privilege Escalation, Business Logic Bypass, OWASP Top 10, SANS Top 25, etc.)
• Knowledge of network and Web related protocols/technologies
• Ability to demonstrate manual web application testing experience
• Experience with web application vulnerability scanning tools (e.g. IBM AppScan, HP WebInspect, Acunetix, NTO Spider, Burp Suite Pro, etc.)
• Experience with vulnerability assessment tools and penetration testing techniques (e.g. web application proxies, packet capture analysis software, browser extensions, advanced penetration testing Linux distributions, static source code analyzers, SoapUI etc.)
• Experience with penetration testing on mobile platforms such as iOS, Android, Windows and RIM.
• Expert-level experience and very detailed technical knowledge in at least 3 of the following areas: general information security; security engineering; application architecture; authentication and security protocols; application session management; applied cryptography; common communication protocols; mobile frameworks; single sign-on technologies; exploit automation platforms; RESTful web services
• Demonstrated ability to learn and apply critical thinking to a variety of situations
• One or more of the following certifications: CISSO, GWAPT, CEH, OSCP (or qualified work experience)
• Experience as a developer
• Mobile programming abilities such as Xcode, Objective-C
• Knowledge of a Structured Query Language
Specific Skillsets Desired:
• Expert in performing application security penetration testing (Web, Mobile, Web Services) with a deep understanding of the risks associated with application security vulnerabilities.
• SME-level knowledge in the use of application security scan tools (e.g. Burp, AppScan, WebInspect, SoapUI, etc.)
• Certifications (OSCP, OSCE a plus)
Additional Locations: Charlotte NC, Washington DC, Denver CO, Addison TX