*Note: Position is not with our direct client.*

Dear Partners,

Please find the requirement currently open.

Application Security Consultant
Location: NYC
Duration: 6 Months
Rate: $650/Day

Job Description

This highly leveraged internal consulting position within client's IT Security organization has excellent growth potential. The security architecture team works with IT groups on a global basis to ensure that IT projects are executed on a secure basis. While a software development background is key to provide subject matter expertise and sound recommendations on securing applications, the position does not require daily development duties.

Specific role responsibilities include:

• Perform end-to-end information risk assessments of applications and infrastructure.
• Work with development teams in architecture design and review sessions.
• Identify areas of risk on projects where security requirements cannot be fully addressed in the required time frame of the project.
• This involves liaising with other technology subject matter experts to build consensus.
• Prior information risk assessment experience of application and technology infrastructure is mandatory.

Soft Skills:

• Strong interpersonal skills are critical, since the candidate will be working with developers and executives around the world, and must be able to effect change and influence decisions.
• Ability to multi-task and handle multiple projects.
• Strong organizational skills.
• Strong oral and written communication skills.

Security Experience

• Knowledge of the common application layer vulnerabilities, and the ability to explain these risks to developers.
• Ability to evaluate technical and functional specifications early within the software development process and identify possible threats or areas of weakness.
• Ability to review code of enterprise applications (Java required, prefer candidates with C/C++ and .NET) and identify possible security vulnerabilities.
• Platform: Although this role is not a systems administration position, the candidate must have deep knowledge of at least one primary operating system (Unix or Windows), the configuration and management of that platform at an enterprise scale, the security risks to that platform, and how to mitigate those risks.
• Network security: The candidate will be expected to understand thoroughly the standard network model and the risks present at each layer, the functions of network equipment such as switches, routers, firewalls, proxies, VPN, and load-balancers, and to understand network architecture.
• The candidate should have expertise with security-related topics such as authentication, entitlements, identity management, data protection, data leakage prevention, validation checking, encryption, hashing, principle of least privilege, software attack methodologies, secure data transfer, secure data storage, etc. Genuine expertise is required here, as the candidate will be extensively tested on security principles.
• Knowledge of Single Sign On technologies such as SAML, Kerberos, and SiteMinder.
• Some experience in testing tools, at least one of Fortify, Ounce Labs, AppScan, WebInspect, Burp. The successful candidate will be able to explain the 'hows and whys' of the tools, as well as being experienced in using them.
• CISSP or other industry qualification.

Educational Requirements

Bachelor's degree with min 5 years relevant work experience in high-paced, enterprise environment.

Recruiting Notes

Many application security candidates will have a lot of knowledge in using the testing tools identified in the job description. This is good, but if their experience is solely in using the tools and not as a part of other duties described in the Required section, they may not be the right fit.

If a resume / CV tends to focus heavily on risk assessments at a high level (i.e. conducted risk assessments with several users) but does not detail what was involved in those risk assessments, they may not be at the technical level required for this position.

Communication skills are important for this role since they will be interacting with many groups on a global scale. Please screen for strong spoken and written communication.

Please respond with Resume, Rate, Current Location and Phone numbers of the Consultant. Make sure the Consultant's skills match the requirement. I will contact you if I need more information.

Regards,
Palak Patel