Security Jobs: [SJ-JOB] Application Security Engineer, Chantilly

From: <hr_at_intersections.com>
Date: 5 May 2008 21:17:46 -0000
---------------------------------------------------
SECURITYFOCUS JOBS - NEW OPPORTUNITY
---------------------------------------------------

JOB DESCRIPTION
---------------------------------------------------
Position: Application Security Engineer
Location: Chantilly, Virginia, United States
Type: Permanent F/T

Closing Date: 2008-06-01

• Assuring that IT application software and infrastructure is designed and implemented to applicable security standards. Will utilize probing applications and review code for security holes.
• Perform risk and vulnerability assessments, penetration tests and potential incident response, especially relating to applications/databases; analyze results and make recommendations
• Assist in the development, configuration of various systems (especially relating to applications/databases) to ensure adequate security of high performance, highly available, and mission critical applications
• Provide input and visibility into emerging security technologies, deployment strategies and other security protocols to ensure awareness within the software organization.
• Serve as a Subject Matter Expert (SME) on application/database security topics.
• Have hands-on experience on developing software as a programmer, especially web application development experience in Java or .Net technologies
• Work with Information Security department head and systems engineers to define security requirements for infrastructure implementations.
• Stay abreast of security trends and new technologies that will enhance current and future security architectures.
• Identify, report, and resolve security violations as well as maintain systems to protect data from unauthorized users.
• Represent Information security department during ongoing audits.
• Educate staff through the use of the Intranet on security subjects promoting awareness.

JOB REQUIREMENTS
---------------------------------------------------
• Bachelor's Degree in Computer Science or related field.
• 5+ years practical experience in information security, including 2-5 years involving risk management in the area of applications development, with at least two of those years relating to database development.
• Deep understanding of the strategic elements and processes of corporate security in a business environment.
• Extensive knowledge of LAN/WAN architecture including Novell/NT/UNIX servers, frame relay, TCP/IP.
• At least four years in a security role preferable, especially as it relates to applications/databases.
• Understand 3-tier architecture and the functional components of each layer.
• Whitebox testing:
o Manually review source code such as ASP/.NET, Java, C++/C#/C, Perl, PHP, Python and Java for vulnerabilities;
o Experience using code scanners
• Blackbox testing:
o Experience using WebScanners
o Vulnerability scanners
o Database scanners
• Provide guidance on potential exploit data and impacts to existing applications.
o Exposure to OWASP and CVE vulnerabilities.
o Knowledge of the following: Input Validation (SQL Injection, Cross Site Scripting, Buffer Overflows etc.); Authentication; Authorization; Cryptography; Cryptographic Algorithms and Associated Parameters; Cryptographic Keys Protection; Cryptographic Protocols and Associated Parameters; Cryptographic: Using Public Key Infrastructure; Cryptography for Confidentiality; Application Security; General Authentication; Output Validation; Passwords; Password Complexity; Password Expiration and Lockout; Password Transmission and Storage; Passwords Protection; Production Application Instance Sensitive Information; State Management: Cookies and Session; Trust
• Requires in-depth knowledge of TCP/IP and related communication protocols. Some knowledge of basic unix network communications, Windows NT networking communication and NT authentication schemes (Kerberos, NTLM, AD), web applications access databases (JDBC, ODBC, Sqlnet, etc.).
• Strong verbal, written and interpersonal skills are required.
• Certifications desired: CISSP, GIAC.

Please submit resume AND salary requirements to hr_at_intersections.com. Resumes without salary requirement will NOT be considered.

Intersections Inc. is an Equal Opportunity Employer. EOE/M/F/D/V.

CONTACT
---------------------------------------------------
Feel free to contact me via email @ bharrison_at_intersections.com or hr_at_intersections.com. Also, you may fax your resume to 703-488-6223.

Intersections Inc.
BRIGITTE HARRISON
Corporate Recruiter
hr_at_intersections.com

---------------------------------------------------
SECURITYFOCUS JOBS
---------------------------------------------------
SecurityFocus now offers an online interface for
searching and managing job opportunities and resumes.

http://www.securityfocus.com/jobs
Received on May 05 2008
