*Please send me profile on [email protected]*
Hi,

Currently, I am recruiting candidates for one of my requirements as mentioned below. If you have a matching profile, please send me the updated resume along with contact details at the earliest.

*Title: Application Security Engineer PP_231*
*Location: Wilmington DE*
*Job Type: Contract*

*Job Description:*

*Basic Qualifications (minimum quantifiable requirements to qualify for this job)*

· Support projects within the SDLC and Agile environments with application security testing, penetration testing and vulnerability management functions.
· Perform Web / Mobile application security assessments and penetration testing on projects and/or releases; produce detailed risk reports with identified vulnerabilities and remediation recommendations.
· Conduct static and dynamic code analysis as needed to support release cycles.
· Work closely with the development team during the envisioning and development process to guide secure design and secure coding practices.
· Manage the web application firewall through log analysis, system tuning and rule development.
· Evaluate, track, and ensure compliance of high and critical vulnerabilities; develop, maintain and update scorecards to reflect vulnerabilities and communicate to end users.
· Implement security solutions, and provide technical leadership during the design, development, and testing phases of major initiatives.

*Preferred Qualifications*

· Knowledge of the software development lifecycle in a large enterprise environment, including agile processes and practices.
· Experience with performing manual and automated code review and develop/propose/enforce secure coding standards and policies.
· Knowledge of the OWASP Top 10 and related exploitation techniques, including but not limited to cross-site scripting, SQL injections, session hijacking and buffer overflows to obtain controlled access to target systems.
· Good understanding of various web application architectures and web technologies (Java, MS .NET, etc.)
· Experience in application firewalls and intrusion prevention systems (e.g. ModSecurity)
· Experience with commercial application scanning tools (DAST) like IBM's AppScan, HP's WebInspect, etc.
· Experience with commercial static analysis tools (SAST) like HP's Fortify, Klocwork, etc.
· In-depth knowledge of any proxying and/or fuzzing tools such as Paros, Burp, WebScarab, OWASP ZAP, etc.
· Familiar with Web Services technologies like XML, SOAP, and AJAX.
· Understanding of server and client side application development and middleware software (Oracle's WebLogic, IBM's WebSphere, Apache Tomcat)
· Proficiency in utilization of information security tools such as Nmap, Nessus, Burp Suite, Kismet, and Metasploit; manual techniques to exploit vulnerabilities in networks and applications.
· Industry security certifications preferred (CISSP, CISA, CCNA, etc.)

*Desired Certifications:*

· Industry certifications preferred: CEH, OSCP, GWAPT, LPT or ECSA
