Hello,


This is swami from Sure IT Solutions.



This email is in reference to your resume. We have a very urgent requirement
for Application Security Engineer in MD. The client is looking for a
candidate who has good hands on SOA. So please let me know if you are
comfortable for this position.



Location: Rockville, MD

Duration: 18 months.



Application Security Engineer



Under the supervision of the Director, Application Security or designate,
the Application Security Engineer is responsible for:

- Assuring that IT application software and infrastructure is designed
  and implemented to applicable security standards. Will utilize probing
  applications ("blackbox testing") and review code for security holes
  ("whitebox testing").

- Perform risk and vulnerability assessments, penetration tests and
  potential incident response, especially relating to
  applications/databases; analyze results and make recommendations

- Assist in the development, configuration and C&A of various systems
  (especially relating to applications/databases) to ensure adequate
  security of high performance, highly available, and mission critical
  applications

- Provide input and visibility into emerging security technologies,
  deployment strategies and other security protocols to ensure awareness
  within the software organization.

- Serve as a Subject Matter Expert (SME) on application/database
  security topics.

- Have professional, hands-on experience on developing software as a
  programmer, especially web application development experience in Java
  or .Net technologies





Essential Job Functions:



- Review application code for vulnerabilities, using both manual and
  automated code scanning techniques - aka "Whitebox Testing".

- Perform vulnerability scanning and penetration testing at all
  application tiers using appropriate tools (network scanners, web
  scanners, database scanners, etc.) - aka "Blackbox Testing".

- Knowledge of operating systems (Windows, Unix) and common COTS
  products used to deliver web services, including IIS, Apache, Tomcat,
  Oracle Application Server, WebSphere, etc.

- Identify and convincingly explain the risks associated with common
  application vulnerabilities, demonstrate exploitation, and recommend
  mitigation options.

- In all cases, candidate must be able to convincingly communicate
  findings and remediation options to non-technical business managers,
  technology managers, application development and architecture staff,
  and other information security technologists.





Education/Experience Requirements:



- Education: Bachelor's degree in engineering or information systems.
  MS preferred.

- Application Architecture: Understand 3-tier architecture and the
  functional components of each layer;

- Application Development: 5+ years hands-on experience in applications
  development (primarily web-based applications), with at least two of
  those years relating to database development. Experience should
  include substantial programming in Java, ASP/.Net, XML, and SQL.
  Additional experience in C/C++, PHP desirable. Experience with SOA,
  Web2.0 desirable.

- Application Servers: Experience with Tomcat, Oracle Application
  Server, WebSphere, etc.

- Databases: RDMS experience with Oracle and MS SQL Server.

- Source Code Analysis: Experience using Source Code analyzers/ByteCode
  Scanners (Fortify, Ounce, Coverity, Klocwork, Prefix/Prefast,
  Findbugs, FXCop) and evaluating results.

- Web Vulnerability Detection: Experience using Web Application
  Vulnerability Scanners (Watchfire, Cenzic, SPIDynamics, AppDetect) and
  evaluating results.

- Database Vulnerability Detection: Experience using Database Scanners
  such as DbProtect/AppDetect, NGSS

- Information and Application Security Concepts: Familiar with key
  concepts and frameworks such as OWASP, CVE, CVSS, etc. Thorough
  understanding of and ability to explain and demonstrate common
  application vulnerabilities, including inadequate input validation,
  SQL injection, cross-site scripting, buffer overflow, etc.

- General Skills: Excellent analytical, organizational, time management
  and problem solving skills are essential.

- Communication Skills: Excellent oral and written communication skills
  a must, including ability to interact effectively with executives,
  vendors, application business owners, technical project teams, and
  others.










We offer genuine opportunities and try our best to provide legitimate
feedback in a timely manner. But the Clients take their own time reviewing
resumes and scheduling interviews. Hiring has slowed down in the recent
past and therefore please be tolerant while we go through the hoops.
Please send only those candidates who have all the must have experiences and
can provide verifiable references from last 1-2 years of projects done in
US.

Please respond with only your pre-existing W2/H1 employees. We reserve the
right to work directly with all others.

Thanks

Best Regards

SWAMY GKA
Sure IT Solutions Inc.
(602)-490-0106
(866) 322-0121
[EMAIL PROTECTED], [EMAIL PROTECTED]
Yahoo IM: swamy_gka
http:/www.sureitinc.com

(The contents of this e-mail are confidential to the ordinary user of the
e-mail address to which it was addressed and may also be privileged. If the
reader of this message is not the intended recipient, any dissemination,
distribution or copying of the information contained in this Internet
message is strictly prohibited. If you have received this e-mail in error
please notify us by telephone or e-mail the sender by replying to this
message, and then delete the e-mail and other copies of it from your
computer system. Thank you. We believe this email to be virus free but do
not warrant that this is the case and we will not accept liability for any
losses arising from any virus being transmitted unintentionally by us.)




--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"CDAC_PGDEVD_10" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.co.in/group/CDAC_PGDEVD_10?hl=en
-~----------~----~----~----~------~----~------~--~---
