---------------------------------------------------
SECURITYFOCUS JOBS - NEW OPPORTUNITY
---------------------------------------------------
JOB DESCRIPTION
---------------------------------------------------
Position: Security Engineer
Location: New York, New York, United States
Type: Permanent F/T
Closing Date: 2007-08-24
WorldEvolved is the second venture for Heidi Messer and Stephen
Messer, the sister and brother team who founded, built and sold
LinkShare Corporation (www.linkshare.com) acquired by a Japanese
portal for $425m in 2005. The transaction is widely recognized as one
of the most significant investor exits in the New York new media
market in the last decade. For more information, visit
http://www.linkshare.com/press/rakuten.shtml. Having revolutionized
the world of e-commerce with their last company, the Messers are in
the process of launching a new game changing initiative. They are now
recruiting an elite team and add to an already talented pool of Ph.D
developers and experienced Internet executives. The company is still
in stealth mode and thus information on what is being developed will
only be provided after an initial screening of prospective candidates
who have signed non-disclosure agreements. The company is
headquartered in midtown in New York City. Only highly skilled
applicants with a desire to work hard and make their mark in a very
intense start-up environment should apply.
Position Responsibilities:
1. Design, implement, test and maintain web service security solutions and both
in terms
of protocols and practical security issues (networking, firewalls, source code).
2. Interface with peers, business and application development teams to derive
security
requirements.
3. Coordinate the development, implementation and administration of security
architectures, policies and standards related to applications.
JOB REQUIREMENTS
---------------------------------------------------
Please include the answers to the following 3 questions along with
your resume. Otherwise, your resume will not be considered.
A. When a Flickr application foo.com wants to authenticate Alice
it redirects her to the Flickr login page.
Alice logs in successfully and then is redirected back to foo.com.
Using no more than one sentence explain why this extra redirection step is
necessary.
Why not have Alice login to foo.com and then have foo.com forward Alice's login
information to the Flickr servers?
B. When Alice is redirected back from Flickr's login page to foo.com, Flickr
gives Alice
a unique number called a frob that changes on each login.
She passes the frob back to foo.com.
Foo.com then exchanges the frob to get a token to establish a session with
Flickr.
In one or two sentences explain why this exchange is necessary.
Why shouldn't the frob be allowed to be used as the token?
For more details on Flickr's authentication mechanisms visit:
http://www.flickr.com/services/api/misc.userauth.html
C. Alice wishes to send a message to Bob through a channel that is being
evesdropped by Eve.
Both Alice and Bob have secret keys and they can use a commutative encryption
algorithm,
so that Ea(Eb(m)) = Eb(Ea(m)) (i.e. the encryption order does not matter).
How can Alice send the message to Bob if Alice and Bob don't know each other's
secret key and don't want Eve to see the message?
Terminology: Ea(m) means Alice encrypts a message m and Da(Ea(m)) = m
(i.e. Alice decrypts the ciphertext to retrieve m).
Position Responsibilities:
1. Design, implement, test and maintain web service security solutions and both
in terms
of protocols and practical security issues (networking, firewalls, source code).
2. Interface with peers, business and application development teams to derive
security
requirements.
3. Coordinate the development, implementation and administration of security
architectures, policies and standards related to applications.
Background/Skills:
Must have:
* Masters or B.S. in related areas (Computer Science, Information Security
etc.).
* Working knowledge of large security systems (core role in the design,
implementation,
testing and maintainance of the system).
* Resume demonstrates that the applicant has successfully launched
security-related
services.
* 3+ years of industrial strength security systems development.
* In depth knowledge of XML, J2EE, Java security and cryptography, databases.
* Experience with Perl and/or shell scripting in Linux or BSD.
* Knowledge of E-Commerce security best practices.
* Knowledge of web-based security standards (token-based SSO, SAML, LDAP,
WS-Security, WS-Federation, WS-Trust, Digital Certificates, SSL).
* Very strong written and verbal communication skills.
* Strong engineering-minded personality. Enjoys hands-on work and passionate
about
researching, designing and implementing large, state-of-the-art internet
services.
* Great problem solving skills, resourcefullness and attention to detail.
* Excitement in working in a startup environment.
Good to have:
* Knowledge of coding security best practices.
* Experience with SOA.
* Experience with UML modeling.
* Experience with banking web services and identity fraud management systems.
CONTACT
---------------------------------------------------
WorldEvolved Services, LLC
Nikos Michalakis
Hiring Manager
hire@reloadnyc.com
---------------------------------------------------
SECURITYFOCUS JOBS
---------------------------------------------------
SecurityFocus now offers an online interface for
searching and managing job opportunities and resumes.
http://www.securityfocus.com/jobs
