Greetings All, I am a recruiter. One of my candidates recommended this list as the best place to finde quality security software engineers. Please let me know if it is appropriate for recruiters to post to this list.
My client is a very early stage start-up located in Waltham, MA. They have about 5 employees. Just closed first round funding with Greylock Ventures and Commonwealth Capital. I am trying to find: Web-based Application Security Engineer Job Description: We are currently seeking a Senior Security Engineer with web-based application security experience. The candidate will lead the research and development of an innovative application security assessment technology. This technology will be used to locate and provide remediation of web-based application vulnerabilities at the source code level. Required Skills: � In depth knowledge of common application layer vulnerabilities such as buffer overrun, privilege escalation, cross-site scripting attacks, SQL injection attacks, etc... � Complete understanding of web-based application architectural design and implementation. � In depth knowledge of the languages and technologies used to build web-based applications (e.g. HTML, Java, JavaScript, XML, ColdFusion, ASP, JSP, Perl, PHP, C#, J2EE, .NET Framework, etc.) � In depth knowledge of information security and network engineering. � Ability to/ and has performed Web-based Application security audits, security code reviews, etc. � A strong development background and has the capability to architect, design and implement the technology. � In depth knowledge of both theoretical and practical security experience � Provide leadership and direction of all facets of the technology from it's inception to its implementation. � Strong written and oral presentation and communication skills with the ability to communicate to organizations inside and outside the company. Desired Skills: � Compiler technologies including lexical analysis and parsing. � Internal knowledge of the language interpreters used in implementing web-based applications � Familiar with existing source code assessment tools and technologies (e. g. RATS, ITS4, Splint, FlawFinder, etc.) � Familiar with existing web-based application security testing tools and technologies (e.g. Sanctum's AppScan and AppScan DE, Cenzic from Hailstorm, ScanDo from Kavado, etc.) Feel free to contact me and thanks for any referrals. Regards, Paul Blumenfeld High Tech Ventures Office (617) 520-2127 Cell (617) 312-7632 Home Office (781) 316-1604 http://www.htventures.com
