Job Description :
Application Security Consultant
Philadelphia, PA
6 months plus contract or contract to hire position

Required:
Proficiency in the use of static code analysis tools such as Checkmarx, Veracode, HP Fortify, etc.
Strong skills and proficiency in building security into the SDLC, DevOps, and secure coding
Prior development experience is a plus

Experience with:
o Automated and Manual Secure Code Assessments
o Identification of vulnerabilities such as: SQL Injection, Cross-Site Scripting, Code Injection, Buffer Overflow, Parameter Tampering, Cross-Site Request Forgery, HTTP Splitting, Log Forgery, DoS, Session Fixation, Session Poisoning, Unhandled Exceptions and Dangerous File Uploads.
o Customized rule sets to enforce coding best practices. For example, a custom rule to ensure all data is output encoded using the OWASP Java Encoding Library.
o Malicious Code Detection looking for hidden functionality, embedded commands, network activity and logic bombs.
Strong skills with Mobile application security
Experience with some of the following: Java, C#, PHP, Python, Groovy, Ruby, Android, iOS (Objective-C, Swift), Windows Mobile, C++, Node.js, ASP.NET, HTML5, VB, PL/SQL, Perl
Experience with dynamic and static application security testing
Penetration Testing experience is a plus
Experience threat modeling the application in order to discover its security risks. The output from the threat model will drive the areas of focus in the secure code review.
A diverse skill base in both Information Systems and Information Security which address organizational structure and administration practices, system development and maintenance procedures, system software and hardware controls, security and access controls, computer operations, environmental protection and detection, and backup and recovery procedures

Preferred:
Application source code security review skills
Experience with programming languages such as Java, C, C++, C#, and .NET
Knowledge of Industry Standards, e.g., ISO 17799/27001, NIST Publications and other Industry Related Security Standards (preferred)
Knowledge of Industry Regulations, e.g., Gramm-Leach-Bliley Act (GLBA), Health Insurance Portability and Accountability Act of 1996 (HIPAA), Payment Card Industry (PCI) or Corporate Compliance (preferred)
Consulting experience in Information Security

Education & Professional Credentials
Bachelor’s degree in relevant discipline (e.g. MIS, CIS) required.
2+ years in a related field required, preferably in professional services and/or industry.
Professional Certification such as CISSP, CISM, GSEC, GIAC, CEH, CPT is a plus