---------------------------------------------------
SECURITYFOCUS JOBS - NEW OPPORTUNITY
---------------------------------------------------
JOB DESCRIPTION
---------------------------------------------------
Position: Application Security Engineer
Location: Atlanta, Georgia, United States
Type: Permanent F/T
Closing Date: 2006-12-29
About INS:
INS is a leading global provider of business-driven information technology
consulting and software solutions. For more than a decade, we’ve been
helping organizations effectively use technology to achieve strategic business
goals. Our unique solution portfolio enables our customers to reduce costs,
increase flexibility, strengthen security, ensure compliance and improve
efficiency.
We apply our structured methodologies, strategic alliances and diverse industry
experience to deliver in-depth analyses and implement custom solutions aimed at
driving business growth. Our consultants hold over 1,100 certifications in 96
categories and our KnowledgeNet database gives them access to over 15 years
worth of intellectual property, solutions and proven techniques in an
easily-searchable format.
Our customers include global enterprises and service providers in all major
industries, including telecommunications, financial services, retail,
pharmaceutical/healthcare, manufacturing, government and travel and
transportation.
Position: Web Application Penetration Tester for the Ethical Hacking
Center
Location: Anywhere in the USA (Work from home / Telecommuting position)
Travel: Approximately 10% - 25%
http://www.ins.com/solutions/technical/default.aspx?id=864&terms=ethical%20hacking&searchtype=1&fragment=False&fragment=0&SearchType=AndWords&terms=ethical%20hacking
Key Responsibilities
The Security Consultant will be a member of the Ethical Hacking Center of
Excellence. Working individually and in teams, this individual will be
performing network and web application ethical hacking assessments on
multi-protocol enterprise network and application systems.
Duties may include:
• Requirements analysis and design
• Scoping of testing activity
• Vulnerability assessment
• Tools/script testing
• Troubleshooting
• Physical security audits, logical security audits, logical protocol and
traffic audits
• Training of client staff
Industry Experience:
- Background in the financial / banking industries a plus
Skills
Communications
• Teaming skills
• Solid written and oral communication
• Technical writing
• Business writing
• Effective listening
• Presentation development and delivery
Engagement Management
• Understanding of best-practice methodologies
Business Development
• Opportunity Identification
• Ability to articulate components of INS’ security consulting
offering as well as of INS’ associated services
Specific Technical Skills
• Desktop/Network Operating Systems: Windows, HP-UX, Linux, Solaris, AIX,
etc.
• Specific proxying tools such as Paros, Burp, Spike, Achilles "fault
injection"
• Commercial tools like Watchfire's AppScan, SPI Dynamics' WebInspect,
Kavado's Scando, Cenzic's Hailstorm, Application Security Inc.'s AppDetective,
freeware tools like Whisker and Nikto; Web Servers like Apache, IIS mention of
WebServices like XML, SOAP mention of web products like Siteminder, Entrust
getaccess, RSA Cleartrust
• Security Scanners: Nessus, nmap, Retina, Appscan
• Web application architecture
• Management Systems
• Physical/Data Link Layer
JOB REQUIREMENTS
---------------------------------------------------
Experience
• Security background (penetration test, C++, XML, and PERL programming
knowledge)
• Technical knowledge in network security products, cryptographic suites,
firewalls a plus
• Knowledge of computer forensics, network exploitation, ethical hacking,
penetration testing and tool development
• Experience in bypassing firewalls, evading intrusion detection are a
nice-to-have
• UNIX and Windows administration
• Experience in application level attacks
• Knowledge of the software development lifecycle in a large enterprise
Education
• Business, computer, or related technical degree from an accredited
institution
• CISSP, GIAC, CEH certifications are nice to have
Full benefits / 401k / stock options/ quarterly bonuses/ training/ professional
development offered.
CONTACT
---------------------------------------------------
Please send your resume to Brigitte Williams at brigitte.williams@ins.com.
INS
Brigitte Williams
brigitte.williams@ins.com
---------------------------------------------------
SECURITYFOCUS JOBS
---------------------------------------------------
SecurityFocus now offers an online interface for
searching and managing job opportunities and resumes.
http://www.securityfocus.com/jobs
