Location
Country: United States
State/Prov: Virginia
City: Chantilly
Position
Position/Title: Application Security Engineer
Position Type: Permanent F/T
Closing Date: 2008-06-01
Job Description: • Assure that IT application software and infrastructure are designed and implemented to applicable security standards. Will utilize probing applications and review code for security holes.

• Perform risk and vulnerability assessments, penetration tests and potential incident response, especially relating to applications/databases; analyze results and make recommendations

• Assist in the development and configuration of various systems (especially relating to applications/databases) to ensure adequate security of high-performance, highly available, and mission-critical applications

• Provide input and visibility into emerging security technologies, deployment strategies and other security protocols to ensure awareness within the software organization.

• Serve as a Subject Matter Expert (SME) on application/database security topics.

• Have hands-on experience developing software as a programmer, especially web application development experience in Java or .NET technologies

• Work with Information Security department head and systems engineers to define security requirements for infrastructure implementations.

• Stay abreast of security trends and new technologies that will enhance current and future security architectures.

• Identify, report, and resolve security violations as well as maintain systems to protect data from unauthorized users.

• Represent the Information Security department during ongoing audits.

• Educate staff through the use of the Intranet on security subjects, promoting awareness.
Job Requirements: • Bachelor's Degree in Computer Science or related field.

• 5+ years practical experience in information security, including 2-5 years involving risk management in the area of applications development, with at least two of those years relating to database development.

• Deep understanding of the strategic elements and processes of corporate security in a business environment.

• Extensive knowledge of LAN/WAN architecture including Novell/NT/UNIX servers, frame relay, TCP/IP.

• At least four years in a security role preferable, especially as it relates to applications/databases.

• Understand 3-tier architecture and the functional components of each layer.

• Whitebox testing:

o Manually review source code such as ASP/.NET, Java, C++/C#/C, Perl, PHP and Python for vulnerabilities;

o Experience using code scanners

• Blackbox testing:

o Experience using web scanners

o Vulnerability scanners

o Database scanners

• Provide guidance on potential exploit data and impacts to existing applications.

o Exposure to OWASP and CVE vulnerabilities.

o Knowledge of the following: Input Validation (SQL Injection, Cross Site Scripting, Buffer Overflows, etc.); Authentication; Authorization; Cryptography; Cryptographic Algorithms and Associated Parameters; Cryptographic Keys Protection; Cryptographic Protocols and Associated Parameters; Cryptographic: Using Public Key Infrastructure; Cryptography for Confidentiality; Application Security; General Authentication; Output Validation; Passwords; Password Complexity; Password Expiration and Lockout; Password Transmission and Storage; Passwords Protection; Production Application Instance Sensitive Information; State Management: Cookies and Session; Trust

• Requires in-depth knowledge of TCP/IP and related communication protocols. Some knowledge of basic UNIX network communications, Windows NT networking communication and NT authentication schemes (Kerberos, NTLM, AD), and web application access to databases (JDBC, ODBC, Sqlnet, etc.).

• Strong verbal, written and interpersonal skills are required.

• Certifications desired: CISSP, GIAC.

Please submit resume AND salary requirements to hr (at) intersections (dot) com. Resumes without salary requirement will NOT be considered.

Intersections Inc. is an Equal Opportunity Employer. EOE/M/F/D/V.
Contact Information
Contact Directions: Feel free to contact me via email @ bharrison (at) intersections (dot) com or hr (at) intersections (dot) com. Also, you may fax your resume to 703-488-6223.
Company: Intersections Inc.
First Name: BRIGITTE
Last Name: HARRISON
Title: Corporate Recruiter
Email: hr (at) intersections (dot) com

Copyright 2006, SecurityFocus