Application Security Engineer - Georgia IT Inc.
Wilmington, DE
About the Job
Position Title: Application Security Engineer
Location: Wilmington, DE
Start Date: Immediately! ASAP!
Job Type: Contract/Contract to hire
Job Scope:
* Support projects within the SDLC and Agile environments with application security testing, penetration testing and vulnerability management functions.
* Perform web / mobile application security assessments and penetration testing on projects and/or releases; produce detailed risk reports with identified vulnerabilities and remediation recommendations.
* Conduct static and dynamic code analysis as needed to support release cycles.
* Work closely with the development team during the envisioning and development process to guide secure design and secure coding practices.
* Manage the web application firewall through log analysis, system tuning and
* Evaluate, track, and ensure remediation of high and critical vulnerabilities; develop, maintain and update scorecards to reflect vulnerabilities and communicate them to end users.
* Implement security solutions, and provide technical leadership during the design, development, and testing phases of major initiatives.
* Provide SIEM architecture.
Skill Requirement:
* Knowledge of the software development lifecycle in a large enterprise environment including agile processes and practices.
* Experience performing manual and automated code review, and developing, proposing and enforcing secure coding standards and policies.
* Knowledge of the OWASP Top 10 and related exploitation techniques, including cross-site scripting, SQL injection, session hijacking and buffer overflows used to obtain controlled access to target systems.
* Good understanding of various web application architectures and web technologies (Java, MS .NET, etc.).
* Experience with application firewalls and intrusion prevention systems (e.g. ModSecurity).
* Experience with commercial application scanning tools (DAST) like IBM's AppScan, Client's WebInspect, etc.
* Experience with commercial static analysis tools (SAST) like Client's Fortify, Klocwork, etc.
* In-depth knowledge of proxying and/or fuzzing tools such as Paros, Burp, WebScarab, OWASP ZAP, etc.
* Familiarity with web services technologies like XML, SOAP, and AJAX.
* Understanding of server- and client-side application development and middleware software (Oracle's WebLogic, IBM's WebSphere, Apache Tomcat).
* Proficiency with information security tools such as Nmap, Nessus, Burp Suite, Kismet, and Metasploit, and with manual techniques to exploit vulnerabilities in networks and applications.
Required Certification:
One of the following: CISSP, CISA, CCNA, CISM, Security+
Desired Certifications:
* Industry certifications preferred: CEH, OSCP, GWAPT, LPT, ECSA, CSSLP and GSSP
Source: Georgia IT Inc.