---------------------------------------------------
SECURITYFOCUS JOBS - NEW OPPORTUNITY
---------------------------------------------------
JOB DESCRIPTION
---------------------------------------------------
Position: Application Security Architect
Location: Austin, , United States
Type: Permanent F/T
Closing Date: 2007-02-17
The Application Security Consultant will perform application related consulting
activities for this company.
These activities will include application security assessments, secure design
and deployment reviews, Threat Modeling, code reviews, (whitebox) static code
analysis, network penetration testing, developer training and implementing of
testing strategies and security controls within corporate SDLC processes and
policies.
JOB REQUIREMENTS
---------------------------------------------------
The Application Security Consultant must possess the following qualifications:
Professional Qualifications
• Experience creating and reviewing technical documentation.
• Exhibits a professional and positive attitude
• Adapts readily to change
• Strong problem solving and analytical skills
• Strong written and oral communication skills
• Strong interpersonal skills
• Self-motivated, results oriented individual
• Strong multi-tasking ability
• Strong Project Management and Time management skills
Technical Qualifications
• Deep understanding of .NET and J2EE architectures and supporting
technologies with a focus on the security implications of the technologies and
how to mitigate the potential vulnerabilities imposed by insecure application
development. Solid coding skills in C/C++, .NET framework, and Java / UML and
OO methodologies
• Knowledge of database environments like Oracle, MS SQL and DB2, a plus
• Ability to provide training to customers technical staff covering
application security testing tools and testing methodologies, application
security best practices, secure code development practices, identifying
security flaws in code, and mitigating security strategies for applications
from the code level to the network
• Knowledge to perform application threat modeling, code reviews and
integrate security testing methodologies within corporate SDLC practices and
performing code review
• Knowledge of the OWASP minimum security standards for web applications
and experience implementing those testing methodologies and secure development
standards
• Expert-level knowledge of the principles of authentication,
authorization, availability, confidentiality, integrity, non- repudiation and
the technical means of achieving these principles;
• Experience with application security testing tools such as FXCop,
Prefast, Fortify, WebInspect, WebScarab, Paros, etc.
• Two + years of related experience.
• At least one technical certification such as MSCD, MCSE, CISSP, CCNA,
CCDA, CCSA, GIAC, QDSP, QPASP. (CISSP preferred)
Misc:
Ideally, we're looking for someone with a software development background and
that has been in the idustry for at least 3 years.
This candidate may have a security background, but we're willing to train this
developer if they have a weak security background.
Work experience in a large corporation is a plus.
CONTACT
---------------------------------------------------
Please email resumes to agcaoip@yahoo.com
You will be contacted shortly if your resume matches our requirements.
Name Withheld
P Agcaoili
Application Security Consultant
agcaoip@yahoo.com
---------------------------------------------------
SECURITYFOCUS JOBS
---------------------------------------------------
SecurityFocus now offers an online interface for
searching and managing job opportunities and resumes.
http://www.securityfocus.com/jobs
