Hi There,
How are you doing today?
Please register here to distribute your requirements/hotlist
http://prohirespowerhouse.com/powerhouse/email_verify.php
Thanks
Prohires Powerhouse
Good Afternoon: All,--Please direct the resume with contact number and rate to Rath@e-prosoftgroup.com .Skills; Lead Application Security Specialist
Location: Washington DC
Rate: 100/hr.
Length: 6 month plus
Job Description
Request No: 1
LEAD APPLICATION SECURITY SPECIALIST
DIV / SEC
JOB FAMILY
JOB NUMBER / TITLE
MANAGER
INCUMBENT
IT – Security Management – Lead Specialist
Lead Application Security Specialist
Director, Information Security
SUMMARY
The Lead Application Security Specialist is responsible for ensuring the development of secure Internet-based applications, services and solutions by interacting with enterprise architects, infrastructure engineers, software engineers, quality assurance testers, business analysts and software application managers throughout the software development lifecycle.
RESPONSIBILITIES
- Responsible for the definition and implementation of our application security policy, standards, and procedures, including security architecture, security requirements analysis, application design, construction, and security testing and auditing.
- Responsible for the security architecture of our applications, solutions and services.
- Perform application risk assessments and threat modeling.
- Perform application security audit.
- Specify remediation plans to address application security vulnerabilities.
- Assist with the management and implementation of application security related projects.
- Educate IT staff on information security best practices.
- Ensure that solutions and applications developed by company are in compliance with all applicable federal, state, and local legislation, and with the Payment Card Industry Data Security Standard (PCI DSS).
- Remain current on new threats, vulnerabilities and countermeasures that relate to information security and pertain to software development to help maintain company applications in a highly available and appropriate secure state.
QUALIFICATIONS
- Bachelor's degree in computer science, information systems, engineering, or related discipline required (or equivalent professional experience).
- Seven years of prior combined experience in a software development and information security. At least two years in a dedicated application security role desirable.
- Ability to execute comprehensive security testing which includes a deep understanding of the architecture of the applications, taking into account applicable exploit vectors and related methods, including dynamically scoping security testing based on associated risks.
- Experience with one or more of the following languages: Java with Spring framework (preferred), ColdFusion, PHP and .NET.
- Knowledge of Service Oriented Architecture (SOA) with emphasis in REST and SOAP based web services. Preferred to have knowledge with WS-Security standards such as WSS and WSI.
- Hands-on experience using automated and manual web application security tools such as BurpSuite, IBM AppScan, or WebInspect.
- Knowledge of Internet-based application hosting platforms, including WebSphere, Apache/Tomcat/Linux, and IIS/Windows.
- Knowledge of database related security issues such as SQL injection in web applications.
- Knowledge of industry standard encryption relating to storing and transmitting sensitive data.
- Must be familiar with risk analysis and application vulnerability assessment methodologies, as well as information security concepts and methodologies.
- Solid and current understanding of application security vulnerabilities and countermeasures. Must be able to provide and recommend remediation approach and not just provide vulnerability information.
- Familiarity with major regulations and industry standards including PCI DSS.
- Excellent oral and written communication skills. Documentation requirements include: incident/defect reports, audit/compliance reports, remediation recommendations, reporting of application security statistics and metrics, technical standards, procedures, and guidelines.
- Strong team-oriented interpersonal skills
- Ability to work effectively in a deadline-driven environment.
- Professional security certifications a plus.
Request: no:2
Location: Washington DC
Duration 6 month plus
Rate: 100
Job Description
SR. APPLICATION SECURITY SPECIALIST
DIV / SEC
JOB FAMILY
JOB NUMBER / TITLE
MANAGER
INCUMBENT
IT – Security Management – Sr. Specialist
Sr. Application Security Specialist
Director, Information Security
SUMMARY
The Application Security Specialist is responsible for ensuring the development of secure Internet-based applications by interacting with software engineers, quality assurance testers, business analysts, and software application managers throughout the software development lifecycle.
RESPONSIBILITIES
Perform secure code analysis on application code bases.
Perform application risk assessments and threat modeling.
Provide resolutions to application security vulnerabilities.
Assist with the definition and implementation of our application security policy, standards, and procedures, including security requirements analysis, application design, construction, and security testing and auditing.
Train developers on secure coding best practices.
Ensure that applications developed by company are in compliance with all applicable federal, state, and local legislation, and with the Payment Card Industry Data Security Standard (PCI DSS).
Remain current on new threats, vulnerabilities and countermeasures that relate to information security and pertain to software development to help maintain our applications in a highly available and appropriate secure state.
Assist with the management and implementation of application security related projects.
QUALIFICATIONS
Bachelor's degree in computer science, information systems, engineering, or related discipline required (or equivalent professional experience).
Five years of prior combined experience in a software development and information security. At least one year in a dedicated application security role desirable.
Ability to execute comprehensive security testing which includes a deep understanding of the architecture of the applications, taking into account applicable exploit vectors and related methods, including dynamically scoping security testing based on associated risks.
Must be able to provide and recommend remediation for security vulnerabilities rather than simply identifying them.
Experience with one or more of the following languages: Java with Spring framework (preferred), ColdFusion, PHP and .NET.
Ability to conduct security based code analysis (manual and automated)
Hands-on experience using automated and manual web application security tools such as BurpSuite, IBM AppScan, or WebInspect.
Knowledge of Service Oriented Architecture (SOA) with emphasis in REST and SOAP based web services. Working knowledge of WS-Security standards such as WSS and WSI preferred.
Knowledge of common web application vulnerabilities such as OWASP Top 10 or CWE/SANS Top 25.
Must be familiar with risk analysis and application vulnerability assessment methodologies, as well as information security concepts and methodologies.
Excellent oral and written communication skills. Documentation requirements include: incident/defect reports, audit/compliance reports, remediation recommendations, reporting of application security statistics and metrics, technical standards, procedures, and guidelines.
Strong team-oriented interpersonal skills
Ability to work effectively in a deadline-driven environment.
With kind regards,
Rathnam
You received this message because you are subscribed to the Google Groups "SureShotJobs" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sureshotjobs+unsubscribe@googlegroups.com.
To post to this group, send email to sureshotjobs@googlegroups.com.
Visit this group at http://groups.google.com/group/sureshotjobs.
For more options, visit https://groups.google.com/groups/opt_out.
You received this message because you are subscribed to the Google Groups "SureShotJobs" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sureshotjobs+unsubscribe@googlegroups.com.
To post to this group, send email to sureshotjobs@googlegroups.com.
Visit this group at http://groups.google.com/group/sureshotjobs.
For more options, visit https://groups.google.com/groups/opt_out.
No comments:
Post a Comment