Job Description:
Job: Information Security

Location: Brooklyn, NY.

This is a contract assignment for a multiyear project with NYC DOE.


* Performs application security assessments.

* Develops application security standards and policy documentation.

* Performs automated and manual run-time assessments.

* Performs automated and manual code review and threat modeling.

* Performs Secure Development Lifecycle (SDL) process assessments.

* Educates developers on proper secure coding practices.

* Provides and/or organizes appropriate application security training and awareness for technical and non-technical staff.

* Acts as security applications subject matter expert (SME), providing consulting solutions and support to Application Development teams.

* Actively manages the security activities associated with Secure Software Development to address existing and evolving risks and threats appropriately.

* Works closely with development teams to remediate application vulnerabilities detected through security scanning tools.

* Liaises with relevant stakeholders within the Technology groups and business units to ensure security awareness and issues are communicated effectively.

* Carries out risk assessments and/or threat modeling to articulate the levels and types of security controls appropriate for application/product initiatives.

* Researches, initiates and drives the evaluation of tools/technologies/processes to maintain and enhance the security of applications/software produced.

Required Experience:

4+ years of work experience focused purely on application system and code-level security.

7+ years of experience with the following:

* Detection, exploitation, and prevention of software vulnerabilities (e.g., SQL Injection, XSS, buffer overflows) as well as emerging platform vulnerabilities (e.g., Flash, AJAX

* Reviewing source code and assisting developers in closing vulnerabilities.

* Performing active black-box penetration testing against web applications, above and beyond the use of commercial products or pre-existing scripts.

* Enterprise application development experience in both .NET and Java/J2EE.

* Secure software development life-cycle.

* Excellent written and verbal communication skills, experienced at communicating with developers as well as technical and non-technical management.