Job Description :
Deep knowledge of common web application vulnerabilities identified in the OWASP Top 10 (e.g. XSS, CSRF, clickjacking) and their mitigation strategies.
Minimum 5 years of hands-on software development experience; must be able to read and write code.
Knowledge of:
o Dynamic scanning
  o Evaluating external pen testing results; ensuring findings are mitigated within the expected turnaround time based on the risk level of each item
  o Using tools like BurpSuite, OWASP ZAP and Fiddler to perform internal pen testing, verify the resolution of previously reported items, and proactively identify issues earlier in the SDLC
  o Using tools like Veracode and Whitehat for dynamic scanning, and working with the team to educate them on best practices for resolving reported findings
o Static scanning
  o Using tools like Veracode and HP Fortify at the point of software builds
  o Using tools like Dependency Checker to identify all dependencies and any associated CWEs (Common Weakness Enumeration entries)
o Ensuring secure coding standards are in place: educating the team on standards and best practices, and continuing to grow the standards over time
o Ensuring code reviews are in place and happening at the level we expect
Related Technologies:
Net (ASP.Net / C
JavaScript
AngularJS
SQL Server / PostgreSQL
System security vulnerabilities and remediation techniques.
Network and web related protocols (e.g., TCP/IP, UDP, IPsec, HTTP, HTTPS, routing protocols)
Security across multiple disciplines (data, database, operating system
Work with DEV and QA teams to ensure application security principles are enforced at each stage of the SDLC.
Experience working in a security capacity with development team(s) that deliver a software-based service.
Strong understanding of threat modeling and security methodologies
Familiarity with protocol analysis and cryptography.
Any security-related certification such as CISSP, CSSLP, CEH or GIAC preferred.