---------------------------------------------------
SECURITYFOCUS JOBS - NEW OPPORTUNITY
---------------------------------------------------
JOB DESCRIPTION
---------------------------------------------------
Position: Security Engineer
Location: Waqshington, District of Columbia, United States
Type: Permanent F/T
Closing Date: 2007-04-22
Application Security Engineer
1. Review code such as C, Perl and
Java for vulnerabilities;
2. Add value and enhancements to
software lifecycle process;
3. Review and provide appropriate
reports of ASP, Visual C++, and other Windows-based technologies;
4. Review implementation of different
application servers including Tomcat, Oracle Application Server, WebSphere, ATG
Dynamo, and WebLogic. Understand 3-tier architecture and the functional
components of each layer;
5. Assist in developing process and
procedures for review of vulnerability data; and
6. Provide guidance on potential
exploit data and impacts to existing applications.
7. Will be involved with the
following: Input Validation (SQL Injection, Cross Site Scripting,
Buffer Overflows etc), Authentication ; Authorization; Cryptography;
Cryptographic Algorithms and Associated Parameters; Cryptographic Keys
Protection; Cryptographic Protocols and Associated Parameters; Cryptographic:
Using Public Key Infrastructure ; Cryptography for Confidentiality; Application
Security; General Authentication; Output Validation; Passwords; Password
Complexity; Password Expiration and Lockout; Password Transmission and Storage;
Passwords Protection; Production Application Instance Sensitive Information;
State Management : Cookies and Session; Trust
*THIS IS "NOT" a Developer it's a engineer! Skill set is more on the Technical
background and personality--NO CHIEFS needs TEAM player's.
Applicants selected will be subject to a government security investigation and
must meet eligibility requirements for access to classified
information.
Must be clearable to the Top Secret level.
Experience in C/C++, Java, XML, XSLT. Must have knowledge of
firewalls, access control, VPNs Crypto experience such as SSL/TLS,
IPsec.
Experience in XMLdsig/XMLenc/WS-Sec/SAML is necessary. E
xperience with application level firewall and PKI.
Experience with runtimes or OS kernels Layer 6 / Layer 7 application-aware
routing experience.
Requires 2 years of related security experience with a BS degree.
If candidate does not possess a degree then he/she must possess 6 years of
experience.
Current Certified Information Systems Security Professional (CISSP), or similar
security professional certification preferred.
JOB REQUIREMENTS
---------------------------------------------------
Application Security Engineer
1. Review code such as C, Perl and
Java for vulnerabilities;
2. Add value and enhancements to
software lifecycle process;
3. Review and provide appropriate
reports of ASP, Visual C++, and other Windows-based technologies;
4. Review implementation of different
application servers including Tomcat, Oracle Application Server, WebSphere, ATG
Dynamo, and WebLogic. Understand 3-tier architecture and the functional
components of each layer;
5. Assist in developing process and
procedures for review of vulnerability data; and
6. Provide guidance on potential
exploit data and impacts to existing applications.
7. Will be involved with the
following: Input Validation (SQL Injection, Cross Site Scripting,
Buffer Overflows etc), Authentication ; Authorization; Cryptography;
Cryptographic Algorithms and Associated Parameters; Cryptographic Keys
Protection; Cryptographic Protocols and Associated Parameters; Cryptographic:
Using Public Key Infrastructure ; Cryptography for Confidentiality; Application
Security; General Authentication; Output Validation; Passwords; Password
Complexity; Password Expiration and Lockout; Password Transmission and Storage;
Passwords Protection; Production Application Instance Sensitive Information;
State Management : Cookies and Session; Trust
*THIS IS "NOT" a Developer it's a engineer! Skill set is more on the Technical
background and personality--NO CHIEFS needs TEAM player's.
Applicants selected will be subject to a government security investigation and
must meet eligibility requirements for access to classified
information.
Must be clearable to the Top Secret level.
Experience in C/C++, Java, XML, XSLT. Must have knowledge of
firewalls, access control, VPNs Crypto experience such as SSL/TLS,
IPsec.
Experience in XMLdsig/XMLenc/WS-Sec/SAML is necessary. E
xperience with application level firewall and PKI.
Experience with runtimes or OS kernels Layer 6 / Layer 7 application-aware
routing experience.
Requires 2 years of related security experience with a BS degree.
If candidate does not possess a degree then he/she must possess 6 years of
experience.
Current Certified Information Systems Security Professional (CISSP), or similar
security professional certification preferred.
Joshua Leshner
Recruiting Manager
CONTACT
---------------------------------------------------
Joshua Leshner
Recruiting Manager
Starpoint Solutions
Office (703) 860-6560
josh.leshner@starpoint.com
http://www.starpoint.com
Starpoint Solutions
Joshua Leshner
Operations and Recruiting Manager
josh.leshner@starpoint.com
---------------------------------------------------
SECURITYFOCUS JOBS
---------------------------------------------------
SecurityFocus now offers an online interface for
searching and managing job opportunities and resumes.
http://www.securityfocus.com/jobs
