*Penetration / Application Vulnerability Tester*

*The Woodlands, TX*

*Phone Interview Hire*

*Local preferred but not required*

*Certified Hacker is highly desired!*



I need a resource who can work on the skills below. Phone interview will
do. *Minimum of 8 years security-related background.*





*JOB DESCRIPTION:*



Looking to bring on an experienced application security contractor in order
to supplement internal efforts.



*REQUIRED SKILLS:*



Candidate should have all of the following technical and professional
characteristics as well:



·         Experience with Penetration/Vulnerability Testing for Web and
Thick-client Applications within an Enterprise environment

·         Strong understanding of Web technologies, e.g. HTTP, HTML, CSS,
Forms, Database Connectivity, etc.

·         Understanding of Compliance and Regulatory requirements such as
PCI DSS, SOX, HIPAA, etc.

·         Full grasp and ability to articulate and/or train others on the
“OWASP Top 10” and related concepts

·         Programming and/or scripting in one or more of the following
languages: .NET, Java, PHP, Ruby, Perl, Bash, or similar language

·         Experience with SQL - SQL Syntax and basic management of MS SQL
databases

·         Ability to perform Manual Web Application Vulnerability
Assessments without the use of automated tools such as web application
scanners

·         Ability to capture and analyze network traffic at all seven
layers of the OSI model, including ability to discern whether said network
traffic contains vulnerabilities and/or sensitive data

·         Have a solid grasp of core security fundamentals and concepts,
including knowing one’s system, defense in depth, the principle of least
privilege, access control, encryption and cryptography, security
architecture and design, business continuity and disaster recovery, etc.

·         Experience with enterprise-level security control
implementations, including Network Intrusion Detection/Prevention
(NIDS/NIPS), Corporate Antivirus, Enterprise Web Filtering, Data Loss
Prevention, Insider-threat Mitigation, Botnet Detection, etc., as well as
demonstrable knowledge of the principles and techniques used to bypass said
controls.

·         Ability to create extremely high quality written reports
containing the findings from web and thick-client vulnerability
assessments, as well as the ability to articulate those findings to peer
technical staff as well as various levels of management

·         Certifications such as these are a huge advantage: GSEC, GWAPT, CISSP,
GPEN, GXPEN, CISA, CISM, OSCP, OSCE



*TECHNICAL SNAPSHOT:*



·         Vulnerability Testing

·         Web Application Testing

·         SAP Testing

·         Manual Testing

·         Automated Testing Tool (such as web application scanners)

·         HTTP, HTML, CSS, Forms, Database Connectivity

·         .NET, Java, PHP, Ruby, Perl, Bash, or similar language

·         SQL and SQL syntax

·         Capture and analyze network traffic at all seven layers of the
OSI model

·         Enterprise-level security control implementations





Thanks and regards

Vamshi

Sr. Technical Recruiter

Sage Group Consulting Inc

Direct: 732-837-2139

Phone : 732.767.0010 x 312

Email : *jvam...@sagetl.com* <jvam...@sagetl.com>

Ghangouts:vamshijairecui...@gmail.com

yahoo: vamshijairecui...@yahoo.com

http://www.sageci.com



https://www.linkedin.com/pub/j-vamshi/a8/b02/b4
