Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Jobs
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[SJ-JOB] Security Researcher, Santa Clara

from [Jeffrey . Lovelace] Network Security [Permanent Link]
Subject: [SJ-JOB] Security Researcher, Santa Clara
Date: 29 Nov 2006 16:54:26 -0000 
---------------------------------------------------
SECURITYFOCUS JOBS - NEW OPPORTUNITY
---------------------------------------------------


JOB DESCRIPTION
---------------------------------------------------
Position:       Security Researcher
Location:       Santa Clara, California, United States
Type:           Permanent F/T

Closing Date:   2006-12-29

THE REVOLUTION STARTS WITH YOU AT WEBEX COMMUNICATIONS, INC.

Webex Communications, Inc. is the global leader of on-demand applications for 
collaborative business on the web. Founded in 1996, Webex has grown into the #1 
web conference provider in the world, with 64% market share and over 22,000 
customers around the world. By integrating innovative solutions, world class 
technology, state-of-the-art security and confidentiality, and outstanding 
service and support, Webex continues to lead the way in software services.

Senior Security Researcher

Summary:
WebEx Security is looking for a security professional to lead ongoing 
application security initiatives. This person will be an internal expert in 
finding and fixing security issues in our applications at all stages of the 
software development cycle. They will serve as a trusted resource for 
development and QA teams, and engage in high profile work. There will be 
regular interaction with individuals responsible for platform and operational 
security, outsourced security testers, and occasional meetings with customers. 
The Security Engineering and Operations department is a dynamic team 
responsible for security of applications, operations, and internal business 
units. Individuals focus on one area but regularly collaborate with others on 
the team. This position reports to the Manager of Security Engineering and 
Operations, and will be an integral part of that team.

Position Responsibilities: 
&#149;Lead WebEx's application security efforts
&#149;Advocate strong security across the enterprise
&#149;Provide specialized technical assistance to various departments
&#149;Identify potential areas for abuse in new and existing applications and 
confirm through testing
&#149;Identify areas for improvement related to security in existing 
development and QA processes
&#149;Justify and articulate application security requirements
&#149;Conduct application security reviews at various points in the SDLC &#150; 
including design reviews, code reviews, and internal pen test activity
&#149;Coordinate outsourced reviews and pen tests
&#149;Document open issues and requirements, and track status thereof
&#149;Help design security-related functionality and verify proper 
implementation thereof
&#149;Present application security issues to technical and non-technical 
audiences
&#149;Maintain understanding of latest application exploits. Identify and 
assess their associated risks in regard to WebEx applications and 
infrastructure. Communicate those risks to management and recommend 
corresponding remediation strategies. This may include design, and 
documentation of technical solutions.
&#149;Maintain secure coding guidelines
&#149;Educate development and QA teams on security practices by personal 
example, hands on training, and occasional presentations
&#149;Serve as a resource to platform security team for discussion of third 
party exploits and potential impacts
&#149;Identify and assist in evaluations of new technologies, tools, and 
processes for integration into the existing security program and SDLC. This may 
also include design and development of tools to be utilized by Security, QA, 
and development teams for automation and more efficient discovery and 
resolution of security issues
&#149;Stay current on relevant trends and technologies, to maintain and 
increase WebEx&#146;s overall security posture 
&#149;Rotating on-call for operational incident response
&#149;Position requires some after-hours (nights and weekend) work, and 
occasional travel, but is mostly 8AM to 5PM, M-F



JOB REQUIREMENTS
---------------------------------------------------
Position Requirements:
&#149;  Must have hands-on practical information security experience in a large 
organization, with a thorough understanding of information security fundamentals
&#149;  Detailed understanding of attack methods, methodologies, and 
countermeasures
&#149;  Familiarity with a broad depth of exploit classes, including buffer 
overflows, SQL injection, and others
&#149;  Solid understanding of malware and their workings
&#149;  Experience testing the integrity of software application security, 
including use of pen testing tools
&#149;  Experience leading code reviews, pen tests, or similar projects
&#149;  Ability to craft exploits for demo purposes
&#149;  Strong understanding of secure application architectures
&#149;  Expert knowledge of encryption technologies and implementations
&#149;  Detailed understanding of the complexity and development effort in 
coding specific solutions
&#149;  Previous software development experience &#150; candidate should have 
experience working with product managers, QA teams, and application developers
&#149;  Expert programming skills &#150; Java, C, C++, and web application 
development
&#149;  Strong oral and written communication skills, including the ability to 
effectively convey technical information to all levels of the organization
o       Should be comfortable presenting to small and medium size audiences
o       Proven documentation skills
&#149;  Strong Team Player with solid interpersonal skills. A collaborative 
work ethic is necessary for success in this team. Must be able to work closely 
with all levels throughout the organization.
&#149;  Effective project management &#150; must be able to manage multiple 
simultaneous security reviews, and track status of open items and corresponding 
remediation schedules
&#149;  U.S. Citizenship
&#149;  Candidate must be self-directed, and willing to pursue and maintain 
various technical/security certifications as necessary for the position


Preferred Qualifications:
&#149;  Ability to speak/read/write Mandarin
&#149;  Expertise in PHP, J2EE, and Java Script
&#149;  Experience teaching security coding practices and security focused QA 
testing/pen testing skills and methodologies
&#149;  Database administration experience
&#149;  Experience with Voice over IP and security risks of associated 
protocols and implementations
&#149;  System administration experience
&#149;  Working knowledge of IP networking, and common Internet technologies 
(DNS, SMTP, SSH, etc, including a good understanding of secure infrastructure 
architectures
&#149;  CISSP
&#149;  Technical certifications that support job duties
&#149;  Military service with information security responsibilities
&#149;  Bachelor or higher in Computer Science, Engineering, or equivalent 
technical field, plus 5+ years of technical security experience, or an 
equivalent combination of education and work experience
&#149;  Please forward resumes to: Jeffrey.Lovelace@webex.com

If you are interested in working with a technology leader, enjoy a fast-paced, 
growing corporate culture, and working with bright and talented colleagues, 
then Webex may be the home for you. We offer competitive salaries and 
commissions, stock options and full benefits, includ&not;ing 401(k). 

Webex Communications Inc is an Equal Opportunity Employer



CONTACT
---------------------------------------------------


WebEx Communication
Jeffrey Lovelace
Sr. Corporate Recruiter
Jeffrey.Lovelace@webex.com



---------------------------------------------------
SECURITYFOCUS JOBS
---------------------------------------------------
SecurityFocus now offers an online interface for
searching and managing job opportunities and resumes.

http://www.securityfocus.com/jobs
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [SJ-JOB] Sales Engineer, Bay Area, adaniels
Next by Date:  [SJ-JOB] Developer, Cleveland, jobs
Previous by Thread:  [SJ-JOB] Security Researcher, Santa Clara, john
Next by Thread:  [SJ-JOB] Forensics Engineer, Arlington, katie . hanson
Indexes:  [Date] [Thread] [Top] [All Lists]