---------------------------------------------------
SECURITYFOCUS JOBS - NEW OPPORTUNITY
---------------------------------------------------
JOB DESCRIPTION
---------------------------------------------------
Position: Application Security Engineer
Location: Burnaby, British Columbia, Canada
Type: Permanent F/T
Closing Date: 2007-06-09
Information Security Testing Specialist– Ref # 1211
The successful candidate will ensures the security of the company's custom
applications and related implementations by identify potential vulnerabilities
and appropriate controls, guiding risk mitigation, and liaising with
engineering and management teams, business owners, and global technical
workgroups.
Duties and Responsibilities:
·Perform highly technical / analytical security assessments of custom
web applications, including manual penetration testing, source and
configuration review, and design based analysis of risks and controls
·Develop understanding of business functionality and apply testing
methodology as appropriate to technologies and risks
·Configure and employ security software and apply results to security
analysis
·Code and demonstrate proof-of-concept exploits of vulnerabilities
·Plan and coordinate security projects according a structured process,
including managing schedule and generating detailed documentation of project
approach and results
·Provide implementation recommendations and track remediation efforts
·Coordinate efforts of various units in planning, execution, and
mitigation of identified vulnerabilities
·Lead other team members and act as project manager on selected security
projects
·Ensure that company policies are implemented, enforced, and enhanced
when appropriate
·Lead / participate in team discussions to formulate new or enhance
existing processes, policies, and standards
·Help define security baseline of hardware, software and information
systems
·Evaluate new security technologies
·Evaluate, procure, and maintain hardware and software tools that enable
this role
·Monitor security industry information sources and keep abreast of
events, research, and developments
·Assist in security incident response activities
·Develop in-house solutions, when necessary, e.g. for issue tracking or
metrics
·Provide management with information and assistance in the planning,
development and implementation of security solutions.
·Document and maintain internal procedures to support the information
security function
·Recommend changes to internal procedures to reduce issues and enhance
security awareness
·Adhere strictly to compliance and operational risk controls in
accordance with company and regulatory standards, policies and practices;
report control weaknesses, compliance breaches and operational loss events
·Other responsibilities as assigned
JOB REQUIREMENTS
---------------------------------------------------
Qualifications and Requirements:
·Must have extensive understanding of Application Security; direct,
hands-on experience in application penetration testing or application security
design and implementation; strong, demonstrable aptitude for and interest in
information security and application security
·Other requirements are proven leadership skills, including strong
initiative, consensus-building and collaborating directly with a variety of
clients (business, development, compliance, etc.); strong written communication
(writing sample to be requested); polished and professional verbal
communication skills, experienced facilitator and briefer; ability to adapt and
apply application security expertise to new scenarios and technologies; broad
awareness of security analysis tools and techniques, security products; good
understanding of web-based application architectures (J2EE, .net, Portal); good
understanding of SQL and common database platforms; wrking knowledge of
network/internet security; demonstrated ability to lead and manage projects
·Preferred qualifications are source Code review from a security
perspective (Java, C++, C#, perl, javascript); relevant professional
certifications: GCIH/GSEC, CISSP, CISA/CISM; knowledge of UNIX/Solaris,
Windows, application and network security technologies
·Requires an individual with a Master’s degree, or equivalent
experience in business, computer science or related fieldThe preceding three
years of experience focused on delivering complex security services or
solutions, OR the preceding year of experience focused on delivering complex
security services, with four years prior experience in complex application
design and development
CONTACT
---------------------------------------------------
Please forward applications directly to Lara Janze at lara_janze@hsbc.ca or
visit our website at www.hsbc.ca/careers and apply directly on-line.
HSBC Technology Services
Lara Janze
Senior IT Recruiter
lara_janze@hsbc.ca
---------------------------------------------------
SECURITYFOCUS JOBS
---------------------------------------------------
SecurityFocus now offers an online interface for
searching and managing job opportunities and resumes.
http://www.securityfocus.com/jobs
