Job Description:
To participate in the implementation of software security processes, tools, and technical solutions in order to improve the quality and security of Client products.
The Software Engineer will be deeply involved in security-driven assessments of Client products utilizing automated and manual techniques.
Evaluate new and existing security standards, tools and solutions.
Participate in documenting processes and technologies that support secure software development practices.
Participate in maintaining a security API used by Client applications.
Support developers in the areas of secure coding practices, vulnerability assessments, and remediation.
Stay current with emerging software security technologies, industry trends, and attack vectors, with a primary focus on internal reference architecture and security standards.
Operate and customize code scanning and review tools.
Participate in secure code reviews of Client applications.
Participate in security incident response.

Work with IT Groups to define, develop, socialize and execute long-term application security roadmap, including:
Conduct in-house code reviews, static analysis and dynamic analysis on software products.
Conduct manual and automated security testing of Client applications.
Perform day-to-day operations of static analysis tool and IDE plug-in support.
Assist with the remediation of security vulnerabilities found via code scanning and manual inspection and penetration testing.
Help review static analysis tool findings with product teams and other IT stakeholders; participate in manual code inspections.
Review dynamic analysis tool findings and identify sources of problems with product teams and other IT stakeholders.
Maintain common security API used by Client software products.

Required Skills:
Bachelor's Degree in a related field plus additional related college courses or professional training.
Four to seven years of progressively responsible directly-related experience.

Related Skills & Other Requirements:
Strong and evolving competence in several programming languages and technologies, mastery of one or more tools sets, technologies and implementation environments.
Advanced knowledge of programming languages, relational database management systems, networking technology, multiple desktop operating systems and multiple server operating systems.
Understanding of modern software engineering principles and practices.
Strong customer service orientation.
Strong problem solving and analytic skills.
Must have strong knowledge in one or more of the following: HTML, JavaScript, DOM, AJAX, CSS/CSS2, XML, XHTML, DHTML, etc.
Experience writing automated unit tests.
Must have adequate knowledge of J2EE and/or .NET technologies.
Knowledge of Cross-Site Scripting (XSS), HTTP Request Smuggling, SQL Injection, RFI (Remote-File Inclusion), LFI (Local-File Inclusion), CSRF (Cross-Site Request Forgery), Response Splitting, OWASP Top 10 and other attack vectors a plus.
Knowledge of OWASP Web Security Certification Criteria, OWASP testing guidelines and PCI Data Security Standards is a plus.
Experience with one or more of the following tools is a plus: nmap, wikto, nessus, whisker, crowbar, Paros, suru, Wireshark, TCPDump, ISS.
Experience with one or more of the following web app scanners is a plus: IBM AppScan (WatchFire), Client Web Inspect (SPIDynamics), Cenzic, Web Scarab.
Experience in performing code reviews.
Strong interest in IT Security with a passion to solve problems.
Knowledge of TCP/IP, HTTP/S and other protocols.
Knowledge of one or more of the following is a plus but not required: Python, Ruby, PHP or other scripting languages.
Willingness to learn and try new things, as well as extremely good research skills.
Reverse engineering experience using one or more of the following tools (IDA, Olly, and SoftIce) is a plus.
Experience with protocol analysis and forensic analysis is a plus.
Experience installing, configuring and maintaining continuous integration (CI) environment(s) using tools such as Cruise Control, Cruise Control.NET, Hudson, Bamboo, Gauntlet, in a test driven development (TDD) process is a plus.
Experience with one or more of the following static analysis tools is highly desired: Ounce Labs, Fortify, Klocwork, Prefix/Postfix, FindBugs, FxCop, and PMD.
Additional certifications such as CISSP, ENCE, CCE, GCFA, GCIA, GCIH, CHFI and/or QSA are highly desired.
Ability to travel when required.