Under the supervision of the Director, Application Security or designate,
the Application Security Engineer is responsible for:
. Assuring that IT application software and infrastructure are
designed and implemented to applicable security standards. Will probe
applications ("blackbox testing") and review code for security
holes ("whitebox testing").
. Perform risk and vulnerability assessments, penetration tests and
potential incident response, especially relating to
applications/databases; analyze results and make recommendations
. Assist in the development, configuration and C&A of various
systems (especially relating to applications/databases) to ensure adequate
security of high performance, highly available, and mission critical
applications
. Provide input and visibility into emerging security technologies,
deployment strategies and other security protocols to ensure awareness
within the software organization.
. Serve as a Subject Matter Expert (SME) on application/database
security topics.
. Have professional, hands-on experience in developing software as
a programmer, especially web application development experience in Java
or .Net technologies
Essential Job Functions:
. Review application code for vulnerabilities, using both manual
and automated code scanning techniques - aka "Whitebox Testing".
. Perform vulnerability scanning and penetration testing at all
application tiers using appropriate tools (network scanners, web scanners,
database scanners, etc.) - aka "Blackbox Testing".
. Knowledge of operating systems (Windows, Unix) and common COTS
products used to deliver web services, including IIS, Apache, Tomcat,
Oracle Application Server, WebSphere, etc.
. Identify and convincingly explain the risks associated with
common application vulnerabilities, demonstrate exploitation, and
recommend mitigation options.
. In all cases, candidate must be able to convincingly communicate
findings and remediation options to non-technical business managers,
technology managers, application development and architecture staff, and
other information security technologists.
Education/Experience Requirements:
. Education: Bachelor's degree in engineering or information
systems. MS preferred.
. Application Architecture: Understand 3-tier architecture and the
functional components of each layer;
. Application Development: 5+ years hands-on experience in
applications development (primarily web-based applications), with at least
two of those years relating to database development. Experience should
include substantial programming in Java, ASP/.Net, XML, and SQL.
Additional experience in C/C++, PHP desirable. Experience with SOA,
Web2.0 desirable.
. Application Servers: Experience with Tomcat, Oracle Application
Server, WebSphere, etc.
. Databases: RDBMS experience with Oracle and MS SQL Server.
. Source Code Analysis: Experience using Source Code
analyzers/ByteCode Scanners (Fortify, Ounce, Coverity, Klocwork,
Prefix/Prefast, Findbugs, FXCop) and evaluating results.
. Web Vulnerability Detection: Experience using Web Application
Vulnerability Scanners (Watchfire, Cenzic, SPIDynamics, AppDetect) and
evaluating results.
. Database Vulnerability Detection: Experience using Database
Scanners such as DbProtect/AppDetect, NGSS
. Information and Application Security Concepts: Familiar with key
concepts and frameworks such as OWASP, CVE, CVSS, etc. Thorough
understanding of and ability to explain and demonstrate common application
vulnerabilities, including inadequate input validation, SQL injection,
cross-site scripting, buffer overflow, etc.
. General Skills: Excellent analytical, organizational, time
management and problem solving skills are essential.
. Communication Skills: Excellent oral and written communication
skills are a must, including ability to interact effectively with executives,
vendors, application business owners, technical project teams, and others.
--
With Regards,
RAMESH BABU
Sure IT Solutions Inc.
1801 W Queen Creed RD, Suite # 3, Chandler, AZ 85248
Fax: (866) 322-0121
Email:[EMAIL PROTECTED] <[EMAIL PROTECTED]>,
[EMAIL PROTECTED]
http://www.sureitinc.com