Job Description :
Security focused .net developer to review/modify/enhance agency applications using best practice design principles to defend against attack vectors such as the OWASP top 20/etc.
This is a .net development position with a specific focus on enhancing/modifying/extending the security posture of various agency applications. This position will require 8+ years of very solid .net development experience covering a variety of technologies including, asp.net, c#, WCF services, X509 certificate use for two factor authentication, web services, framework 2.0 through 4.5, SQL/ORacle development experience (stored procedures, tables, views, etc), experience securing .net applications using best practice methodologies (whitelisting, cross-site scripting defense, session management, input validation/sanitizing, etc
A specific focus on security to include penetration testing of apps and using the code scanning tool HP Fortify.
One or more (more than one preferred) of the following certifications :
C.A.S.E- certified application security engineer,
CEH-certified ethical hacker, CASS - Certified application security specialist,
CPT-certified penetration tester, GSSP-Secure software programmer net),
GWEB-Web application defender.
Required Skills:
.net development, including the use of TFS/sharepoint for code/project tracking - 8 Years
securing applications using best practice, testing/coverage of things like OWASP top 20, use of x.509 certificates, input validation/sanitization/etc - Required 5 Years
penetration/security testing of .net apps - Required 5 Years
use of HP fortify for scanning/remediating applications - Required 3 Years