*Please send me profile on **ksha...@ce-solutions.com <vku...@ce-solutions.com>*
Hi,

Currently, I am recruiting candidates for one of my requirements as mentioned below. If you have a matching profile, please send me the updated resume along with contact details at the earliest.

*Title: Application Security Engineer PP_231*
*Location: Wilmington DE*
*Job Type: Contract*

*Job Description:*

*Basic Qualifications (minimum quantifiable requirements to qualify for this job)*

· Support projects within the SDLC and Agile environments with application security testing, penetration testing and vulnerability management functions.
· Perform Web / Mobile application security assessments and penetration testing on projects and/or releases; produce detailed risk reports with identified vulnerabilities and remediation recommendations.
· Conduct static and dynamic code analysis as needed to support release cycles.
· Work closely with the development team during the envisioning and development process to guide secure design and secure coding practices.
· Manage web application firewall through log analysis, system tuning and rule development.
· Evaluate, track, and ensure compliance of high and critical vulnerabilities; develop, maintain and update scorecards to reflect vulnerabilities and communicate to end users.
· Implement security solutions, and provide technical leadership during the design, development, and testing phases of major initiatives.

*Preferred Qualifications*

· Knowledge of the software development lifecycle in a large enterprise environment, including agile processes and practices.
· Experience with performing manual and automated code review and develop/propose/enforce secure coding standards and policies.
· Knowledge of the OWASP Top 10 and related exploitation techniques, including but not limited to cross-site scripting, SQL injections, session hijacking and buffer overflows to obtain controlled access to target systems.
· Good understanding of various web application architectures and web technologies (Java, MS .NET etc.)
· Experience in application firewalls and intrusion prevention systems (e.g. ModSecurity)
· Experience with commercial application scanning tools (DAST) like IBM's AppScan, HP's WebInspect, etc.
· Experience with commercial static analysis tools (SAST) like HP's Fortify, Klocwork etc.
· In-depth knowledge of any proxying and/or fuzzing tools such as Paros, Burp, WebScarab, OWASP ZAP etc.
· Familiar with WebServices technologies like XML, SOAP, and AJAX.
· Understanding of server and client side application development, middleware software (Oracle's WebLogic, IBM's WebSphere, Apache Tomcat)
· Proficiency in utilization of information security tools such as Nmap, Nessus, Burp Suite, Kismet, and Metasploit; manual techniques to exploit vulnerabilities in networks and applications.
· Industry security certifications preferred (CISSP, CISA, CCNA etc.)

*Desired Certifications:*

· Industry certifications preferred: CEH, OSCP, GWAPT, LPT or ECSA