Application Security Tester
. Location: Detroit, MI . Duration: 6 Months + Job Description: Candidate will be responsible for planning, designing and executing security test efforts. The candidate will be actively involved in manual and automated security testing. In addition, the candidate will be involved in the review of business requirements, test cases, and other project artifacts. Responsibilities * Coordinate system testing with appropriate project personnel and other program elements to conduct security testing. * Create, design, and implement test plans around testing the security of systems, processes and their environment. * Use and configure security tools * Writes test plans for all levels of testing. Maintains records of test progress, documents test results, prepares reports and presents results as appropriate * Review requirements and security risk documents, and define security scenarios * Perform Penetration assessments in Internet, Intranet and Wireless environments including discovery, service and vulnerability scanning, and exploits of identified vulnerabilities to gain or expand access as appropriate * Conduct hands-on security testing, analyze test results, document risk, and recommend countermeasures * Develop, assemble, and submit testing results reports that document testing activity and results. Required Experience * Minimum of 3 years experience in planning and implementing security test efforts. * Minimum of 3 years experience with manual security testing. * Minimum of 3 years experience with vulnerability assessment tools such as Nessus, AppDetective, Burp Suite, WebInspect, AppScan, and Fortify. * Utilize technology and tools to continually learn and innovate, share knowledge with team members and enhance service delivery. * Manual attack and penetration testing experience above and beyond running automated tools is a plus * Practical knowledge and experience with OWASP top ten issues . Demonstrate proficiency in the English language, including the ability to communication effectively both written and verbally in a professional environment . Demonstrate integrity, maturity, dependability, and a positive attitude . Demonstrated leadership and strong interpersonal skills with the ability to work well in a team. * Self-motivated with ability to work with minimal supervision. * Ability to plan and manage time based on schedules. * Excellent problem solving skills. * Experience developing custom security assessment scripts or programs is a plus * Application development experience is a plus * Take full responsibility for tasks including consistently reviewing one's work to identify and improve own approach for producing quality work products. * Complete work in a timely manner and take responsibility for all work outputs. * Develop rapport with others by demonstrating an understanding of their concerns, needs and issues and focus on developing an internal network of relationships that can provide advice and support. * Apply root cause analysis to identify and assess problems and key drivers of success. Develop potential conclusions from data with limited complexity. * Demonstrate flexibility and willingness to work in excess of standard hours when necessary. Technical Experience * Candidate should possess related professional certifications such as Certified Information System Security Professional (CISSP) or GIAC Security Essentials Certification (GSEC). * Strong Unix, Windows, networking and wireless security skills * Deep understanding of TCP/IP networking * Strong technical skills related to a broad range of operating systems and databases * An understanding of web-based application vulnerabilities * Experience with programming languages such as Java, C, C++, C#, asp, and .NET * Application security source code assessments is a plus Education * Undergraduate or Masters Degree in MIS, Computer Science, or related field from a recognized college or university or equivalent work experience. Thanks, Alexandra Castillo Corona Technology Staffing, Inc. (305) 433-8041 www.coronastaff.com -- You received this message because you are subscribed to the Google Groups "American Vendor--IT Consulting" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/sap-vendor?hl=en.
