
[SJ-JOB] Security Researcher, Santa Clara

Subject: [SJ-JOB] Security Researcher, Santa Clara
Date: 21 Nov 2006 22:31:56 -0000
---------------------------------------------------
SECURITYFOCUS JOBS - NEW OPPORTUNITY
---------------------------------------------------


JOB DESCRIPTION
---------------------------------------------------
Position:       Security Researcher
Location:       Santa Clara, California, United States
Type:           Permanent P/T

Closing Date:   2006-12-15

Senior Security Researcher

Summary:
Looking for a security professional to lead ongoing application security 
initiatives. This person will be an internal expert in finding and fixing 
security issues in our applications at all stages of the software development 
cycle. They will serve as a trusted resource for development and QA teams, and 
engage in high profile work. There will be regular interaction with individuals 
responsible for platform and operational security, outsourced security testers, 
and occasional meetings with customers. The Security Engineering and Operations 
department is a dynamic team responsible for security of applications, 
operations, and internal business units. Individuals focus on one area but 
regularly collaborate with others on the team. This position reports to the 
Manager of Security Engineering and Operations, and will be an integral part of 
that team.
Position Responsibilities: 
•  Lead application security efforts
•  Advocate strong security across the enterprise
•  Provide specialized technical assistance to various departments
•  Identify potential areas for abuse in new and existing applications and 
confirm through testing
•  Identify areas for improvement related to security in existing 
development and QA processes
•  Justify and articulate application security requirements
•  Conduct application security reviews at various points in the SDLC 
– including design reviews, code reviews, and internal pen test activity
•  Coordinate outsourced reviews and pen tests
•  Document open issues and requirements, and track status thereof
•  Help design security-related functionality and verify proper 
implementation thereof
•  Present application security issues to technical and non-technical 
audiences
•  Maintain understanding of latest application exploits. Identify and 
assess their associated risks in regard to applications and infrastructure. 
Communicate those risks to management and recommend corresponding remediation 
strategies. This may include design and documentation of technical solutions.
•  Maintain secure coding guidelines
•  Educate development and QA teams on security practices by personal 
example, hands-on training, and occasional presentations
•  Serve as a resource to platform security team for discussion of third 
party exploits and potential impacts
•  Identify and assist in evaluations of new technologies, tools, and 
processes for integration into the existing security program and SDLC. This may 
also include design and development of tools to be utilized by Security, QA, 
and development teams for automation and more efficient discovery and 
resolution of security issues
•  Stay current on relevant trends and technologies, to maintain and 
increase overall security posture
•  Rotating on-call for operational incident response
•  Position requires some after-hours (nights and weekend) work, and 
occasional travel, but is mostly 8AM to 5PM, M-F




JOB REQUIREMENTS
---------------------------------------------------
Position Requirements:
•  Must have hands-on practical information security experience in a large 
organization, with a thorough understanding of information security fundamentals
•  Detailed understanding of attack methods, methodologies, and 
countermeasures
•  Familiarity with a broad depth of exploit classes, including buffer 
overflows, SQL injection, and others
•  Solid understanding of malware and their workings
•  Experience testing the integrity of software application security, 
including use of pen testing tools
•  Experience leading code reviews, pen tests, or similar projects
•  Ability to craft exploits for demo purposes
•  Strong understanding of secure application architectures
•  Expert knowledge of encryption technologies and implementations
•  Detailed understanding of the complexity and development effort in 
coding specific solutions
•  Previous software development experience – candidate should have 
experience working with product managers, QA teams, and application developers
•  Expert programming skills – Java, C, C++, and web application 
development
•  Strong oral and written communication skills, including the ability to 
effectively convey technical information to all levels of the organization
o       Should be comfortable presenting to small and medium size audiences
o       Proven documentation skills
•  Strong Team Player with solid interpersonal skills. A collaborative 
work ethic is necessary for success in this team. Must be able to work closely 
with all levels throughout the organization.
•  Effective project management – must be able to manage multiple 
simultaneous security reviews, and track status of open items and corresponding 
remediation schedules
•  U.S. Citizenship
•  Candidate must be self-directed, and willing to pursue and maintain 
various technical/security certifications as necessary for the position


Preferred Qualifications:
•  Ability to speak/read/write Mandarin
•  Expertise in PHP, J2EE, and JavaScript
•  Experience teaching security coding practices and security focused QA 
testing/pen testing skills and methodologies
•  Database administration experience
•  Experience with Voice over IP and security risks of associated 
protocols and implementations
•  System administration experience
•  Working knowledge of IP networking, and common Internet technologies 
(DNS, SMTP, SSH, etc.), including a good understanding of secure infrastructure 
architectures
•  CISSP
•  Technical certifications that support job duties
•  Military service with information security responsibilities
•  Bachelor's or higher in Computer Science, Engineering, or equivalent 
technical field, plus 5+ years of technical security experience, or an 
equivalent combination of education and work experience



CONTACT
---------------------------------------------------
Please forward a Word version of your resume to: John@altaassociates.com


Alta Associates, Inc
John Ahn
Sr Recruiter
john@altaassociates.com



---------------------------------------------------
SECURITYFOCUS JOBS
---------------------------------------------------
SecurityFocus now offers an online interface for
searching and managing job opportunities and resumes.

http://www.securityfocus.com/jobs
