Hello,

We are looking for a *Software Engineer* in *Reston, VA*. If you are interested, please send your updated resume along with your desired salary to me at *[email protected]*

*Job Title:* Software Engineer
*Job Location:* Reston, VA
*Experience:* 10+ years
*MOI:* F2F

*Job Description:*
· To participate in the implementation of software security processes, tools, and technical solutions in order to improve the quality and security of Client products.
· The Software Engineer will be deeply involved in security-driven assessments of Client products utilizing automated and manual techniques.
· Evaluate new and existing security standards, tools and solutions.
· Participate in documenting processes and technologies that support secure software development practices.
· Participate in maintaining a security API used by Client applications.
· Support developers in the areas of secure coding practices, vulnerability assessments, and remediation.
· Stay current with emerging software security technologies, industry trends, and attack vectors, with a primary focus on internal reference architecture and security standards.
· Operate and customize code scanning and review tools.
· Participate in secure code reviews of Client applications.
· *Participate in security incident response*.
· *Strong security coding experience in JAVA.*

Work with IT Groups to define, develop, socialize and execute long-term application security roadmap, including:
· Conduct in-house code reviews, static analysis and dynamic analysis on software products.
· Conduct manual and automated security testing of Client applications.
· Perform day-to-day operations of static analysis tool and IDE plug-in support.
· Assist with the remediation of security vulnerabilities found via code scanning and manual inspection and penetration testing.
· Help review static analysis tool findings with product teams and other IT stakeholders; participate in manual code inspections.
· Review dynamic analysis tool findings and identify sources of problems with product teams and other IT stakeholders.
· *Maintain common security API* used by Client software products.

*Required Skills:*
· Bachelor’s Degree in a related field plus additional related college courses or professional training.
· Four to seven years of progressively responsible directly-related experience.

*Related Skills & Other Requirements:*
· Strong and evolving competence in several programming languages and technologies, mastery of one or more tool sets, technologies and implementation environments.
· Advanced knowledge of programming languages, relational database management systems, networking technology, multiple desktop operating systems and multiple server operating systems.
· Understanding of modern software engineering principles and practices.
· Strong customer service orientation.
· Strong problem solving and analytic skills.
· Must have strong knowledge in one or more of the following: HTML, JavaScript, DOM, AJAX, CSS/CSS2, XML, XHTML, DHTML, etc.
· Experience writing automated unit tests.
· Must have adequate knowledge of J2EE and/or .NET technologies.
· Knowledge of Cross-Site Scripting (XSS), HTTP Request Smuggling, SQL Injection, RFI (Remote-File Inclusion), LFI (Local-File Inclusion), CSRF (Cross-Site Request Forgery), Response Splitting, OWASP Top 10 and other attack vectors a plus.
· Knowledge of OWASP Web Security Certification Criteria, OWASP testing guidelines and PCI Data Security Standards is a plus.
· Experience with one or more of the following tools: nmap, wikto, nessus, whisker, crowbar, Paros, suru, Wireshark, TCPDump, ISS is a plus.
· Experience with one or more of the following web app scanners: *IBM AppScan (WatchFire), Client Web Inspect (SPIDynamics), Cenzic*, Web Scarab is a plus.
· *Experience in performing code reviews*.
· Strong interest in IT Security with a passion to solve problems.
· Knowledge of TCP/IP, HTTP/S and other protocols.
· Any knowledge of one or more of the following is a plus but not required: Python, Ruby, PHP or other scripting languages.
· Willingness to learn and try new things as well as extremely good research skills.
· Reverse engineering experience using one or more of the following tools (IDA, Olly, and SoftIce) is a plus.
· Experience with protocol analysis, forensic analysis is a plus.
· Experience installing, configuring and maintaining continuous integration (CI) environment(s) using tools such as Cruise Control, Cruise Control.NET, Hudson, Bamboo, Gauntlet, in a test driven development (TDD) process is a plus.
· Experience with one or more of the following static analysis tools is highly desired: Ounce Labs, Fortify, Klocwork, Prefix/Postfix, FindBugs, FxCop, and PMD.
· Additional certifications such as CISSP, ENCE, CCE, GCFA, GCIA, GCIH, CHFI and/or QSA are highly desired.
· Ability to travel when required.
