---------------------------------------------------
SECURITYFOCUS JOBS - NEW OPPORTUNITY
---------------------------------------------------
JOB DESCRIPTION
---------------------------------------------------
Position: Security Consultant
Location: Redmond, Washington, US
Type: Permanent F/T
Closing Date: 12/21/2004
Computer security consulting firm established in 2002 has built solid client
relationships and is seeking several qualified people to join the team. We're
looking primarily for experienced professionals who can hit the ground running
(but, we'll consider recent college graduates who have the knowledge minus the
work experience.)
This work primarily involves testing applications to identify security bugs and
weaknesses. Applications might be web-apps, custom protocols, managed or
unmanaged code, 32bit or 64bit. You should understand concepts and
technologies used to bulid large, complex distributed applications in Microsoft
Windows environments.
The work location is Redmond, Washington.
We're looking for full-time but we will consider contract to hire.
Compensation is negotiable.
Again, you should be good at testing software to find security bugs. You
should know the methodologies and tools, and be able to write custom scripts or
code for fuzzing and other types of security-focused testing.
If this is you or you feel like you're not too far from this then contact me
immediately.
JOB REQUIREMENTS
---------------------------------------------------
We're looking for people with the following:
A consulting or development background with experience in application
technologies such as ASP, ActiveX, COM, XML, web services, etc.
Web application security assessment experience using public and custom tools
as well as source code review.
Understanding types of vulnerabilities, from - buffer/heap overflows, SQL
injection, DoS, session hijacking, XSS, MITM, configuration weaknesses, etc).
Ability to differentiate between implementation bugs and architectural flaws
with firm understanding of the SDLC.
Comprehensive understanding of industry standard security protocols, security
best practices and tools and methodologies to evaluate the security of an
implementation.
Experience performing security audits, theoretical threat modeling, reverse
engineering, penetration-testing, and solid experience in application level
attacks.
Software Testing Skills:
A thorough background in software testing methodologies as it relates to
security and prior experience in performing white/gray/black box testing and
code-coverage analysis.
Knowledge of the software development and software testing lifecycle in a
large-scale corporate environment.
Must be capable of conducting methodical penetration tests and analysis of
complex web applications.
Basic Consultant Skills:
Superior writing and reporting skills (samples welcomed).
Good attitude and ability to interface directly with clients developers,
managers, and testers.
Bonus Skills:
Would love to have hardcore programming, debugging, code-path analysis, code
review, and shell coding skills.
CONTACT
---------------------------------------------------
Just get in touch with me directly. If you are in the Seattle area already
then we can meetup for a beer or something. Otherwise send me your phone
number and let's see what happens!
Chris Weber
HR
Casaba Security
chris@casabasec.com
---------------------------------------------------
SECURITYFOCUS JOBS
---------------------------------------------------
SecurityFocus now offers an online interface for
searching and managing job opportunities and resumes.
http://www.securityfocus.com/jobs
