Job Description:
Basic Qualifications
5 years of application security experience
Solid development background with at least 1 object-oriented language
Experience with secure coding guidelines, static analysis and penetration testing
Experience in remediating complex enterprise level security issues
Experience with usage and customization of commercial static and dynamic analysis tools like Fortify, Checkmarx, Coverity, Acunetix, AppScan, WebInspect, etc.
Working knowledge of programming languages such as Java, PHP, Python, C# and web-based technologies.
Excellent communication skills with both oral and written experience with presentations and reports.
Security certification is a plus - GPEN, GWAPT, GWEB, CISSP, OSCP, etc.
Membership and active participation in security organizations such as OWASP, ISSA and SANS.

Responsibilities
Manual and automated review of source code (Java, Android, PHP, Python, Ruby, C#, Objective C, C++) for security vulnerabilities
Actively develop internal assessment tools and methodologies to identify new security issues
Penetration testing of websites, web services, mobile applications
Implementation of static and dynamic automated security testing tools and their deployment within continuous integration systems
Attends design reviews and actively leads the discussions from a security standpoint.
Be part of security program through a very close collaboration with all development teams.
Involved in creation of all the necessary documentation for execution of application security program.
Evaluates application development and implementation activities for possible vulnerabilities.
Ensuring that application security requirements are identified early on and are being baked into all projects.
Driving application security awareness and remediation of identified vulnerabilities
Development of in-house tools to integrate with SDLC and to track and derive security metrics

Work closely with development teams to identify and fix security issues in their applications.
Looking for someone with a Development background who has moved into security.
3 to 5 years application security experience roughly. Not only pen testing, but they will be looking at source code of an application as well.
Java would be preferred.

CERTS would be ideal as it shows they possess the knowledge, but not a hard requirement.
Will be doing a combination of pen testing as well as static analysis (code reviews).


Client: Direct Client

             
