Title: Application Security Engineer
Location: Rockville, MD
Length: 6-12+ Months
KEY EXPERIENCE: Most important is a strong developer; needs some application
security experience.
Application Security Engineer is responsible for:
- Assuring that IT application software and infrastructure are
  designed and implemented to applicable security standards. Will utilize
  probing applications ("blackbox testing") and review code for security
  holes ("whitebox testing").
- Perform risk and vulnerability assessments, penetration tests and
  potential incident response, especially relating to
  applications/databases; analyze results and make recommendations.
- Assist in the development, configuration and C&A of various
  systems (especially relating to applications/databases) to ensure adequate
  security of high performance, highly available, and mission critical
  applications.
- Provide input and visibility into emerging security technologies,
  deployment strategies and other security protocols to ensure awareness
  within the software organization.
- Serve as a Subject Matter Expert (SME) on application/database
  security topics.
- Have professional, hands-on experience in developing software as a
  programmer, especially web application development experience in Java or
  .Net technologies.
Essential Job Functions:
- Review application code for vulnerabilities, using both manual and
  automated code scanning techniques - aka "Whitebox Testing".
- Perform vulnerability scanning and penetration testing at all
  application tiers using appropriate tools (network scanners, web scanners,
  database scanners, etc.) - aka "Blackbox Testing".
- Knowledge of operating systems (Windows, Unix) and common COTS
  products used to deliver web services, including IIS, Apache, Tomcat,
  Oracle Application Server, WebSphere, etc.
- Identify and convincingly explain the risks associated with common
  application vulnerabilities, demonstrate exploitation, and recommend
  mitigation options.
- In all cases, candidate must be able to convincingly communicate
  findings and remediation options to non-technical business managers,
  technology managers, application development and architecture staff, and
  other information security technologists.
Education/Experience Requirements:
- Education: Bachelor's degree in engineering or information
  systems. MS preferred.
- Application Architecture: Understand 3-tier architecture and the
  functional components of each layer.
- Application Development: 5+ years hands-on experience in
  applications development (primarily web-based applications), with at least
  two of those years relating to database development. Experience should
  include substantial programming in Java, ASP/.Net, XML, and SQL.
  Additional experience in C/C++, PHP desirable. Experience with SOA,
  Web 2.0 desirable.
- Application Servers: Experience with Tomcat, Oracle Application
  Server, WebSphere, etc.
- Databases: RDBMS experience with Oracle and MS SQL Server.
- Source Code Analysis: Experience using Source Code
  analyzers/ByteCode Scanners (Fortify, Ounce, Coverity, Klocwork,
  Prefix/Prefast, Findbugs, FXCop) and evaluating results.
- Web Vulnerability Detection: Experience using Web Application
  Vulnerability Scanners (Watchfire, Cenzic, SPIDynamics, AppDetect) and
  evaluating results.
Thanks & regards,
Arvi Singh
Purview IT
Phone: (703) 880-3299 x202 | Cell: (703) 338-4175 | Fax: 1 (888) 268-7270
Email: [EMAIL PROTECTED] | www.purviewit.com | YIM: arvipurview
Note: If I am not reachable through Voice, please use YIM for a quick
response.
