19 March 2014

Open IT Jobs

Aavalar is looking for an Application Security Consultant for a large financial institution in the Wilmington/Newark area. This is a great role for an individual looking to make a difference in the IT security area. This person must be able to interact with various business units and system administrators.

Consultant’s Title: Security Engineer

Work Location: Wilmington/Newark, DE

Is Telecommuting possible: No

Work environment: Beautiful private office, state of the art technology, with onsite cafeteria, very friendly, business casual.

Who will this position report to: Team lead

Why is there a need for a consultant/contractor: Growing department with a lot of work that is untouched.

What is the start date of the contract: ASAP

What is the anticipated length/scope of the contract: Slated for 6 months; could be extended, but not guaranteed.

What is the size of department: roughly 5-10 people

What projects will the consultant be involved with: Application Risk. The individual will ensure the security of all applications and systems running in the BCUS domain. This includes understanding all existing web-based (Java & .NET) and other third-party applications running in the environment, and reviewing the security provisions of all new applications and major changes in the environment.

Responsibilities:

– Support projects within the SDLC and Agile environments with application security testing, penetration testing and vulnerability management functions.
– Perform Web / Mobile application security assessments and penetration testing on projects and/or releases; produce detailed risk reports with identified vulnerabilities and remediation recommendations.
– Conduct static and dynamic code analysis as needed to support release cycles.
– Work closely with the development team during the envisioning and development process to guide secure design and secure coding practices.
– Manage web application firewall through log analysis, system tuning and
– Evaluate, track, and ensure remediation of high and critical vulnerabilities; develop, maintain and update scorecards to reflect vulnerabilities and communicate them to end users.
– Implement security solutions, and provide technical leadership during the design, development, and testing phases of major initiatives.

Role with the group: Security Engineer

Required Skills:

– Knowledge of the software development lifecycle in a large enterprise environment including agile processes and practices.
– Experience performing manual and automated code review, and developing/proposing/enforcing secure coding standards and policies.
– Knowledge of the OWASP Top 10 and related exploitation techniques, including but not limited to cross-site scripting, SQL injection, session hijacking and buffer overflows used to obtain controlled access to target systems.
– Good understanding of various web application architectures and web technologies (Java, MS .NET, etc.)
– Experience with application firewalls and intrusion prevention systems (e.g. ModSecurity).
– Experience with commercial application scanning tools (DAST) like IBM’s AppScan, HP’s WebInspect, etc.
– Experience with commercial static analysis tools (SAST) like HP’s Fortify, Klocwork, etc.
– In-depth knowledge of proxying and/or fuzzing tools such as Paros, Burp, WebScarab, OWASP ZAP, etc.
– Familiarity with web services technologies like XML, SOAP, and AJAX.
– Understanding of server- and client-side application development and middleware software (Oracle’s WebLogic, IBM’s WebSphere, Apache Tomcat).
– Proficiency in utilization of information security tools such as Nmap, Nessus, Burp Suite, Kismet, and Metasploit; manual techniques to exploit vulnerabilities in networks and applications.
– Industry security certifications preferred (CISSP, CISA, CCNA, etc.)

Desired Certifications:

Industry certifications preferred: CEH, OSCP, GWAPT, LPT or ECSA
Additional certifications desirable: CSSLP and GSSP

Selling point of the job: Up-and-coming team and department within the company. A real chance to put your stamp on helping take a major company to the next level in IT security.

Work Hours and Schedule: 40 hours, flexible work schedule

Is there travel involved? No travel

Is overtime paid, and is it at straight time? Straight time

Dress Code: Business Casual

Who is involved in the interview process? Manager, Team lead, and team members

Key words: Security, SDLC, Agile, CISA, CISSP, CCNA, .net, Java