A new Job, ID: 279023 <http://www.ejobsville.com/display-job/279023> was added at eJobsVille.com - For the Best Tech Jobs in Town <http://www.ejobsville.com/>
Title: Web Applications Security posted on 2014-11-06 17:12:59 Job Description: Title: Web Applications Security Location : Wilmington DE Interview Mode :phone/Skype *Position Summary:* This role will be responsible for the Application Risk Program Management. The individual will ensure the Security of all applications and systems running in the Financial Customers domain. This includes understanding all existing web based (Java & .NET) and other third party applications running in the environment, reviewing security provisions of all new applications and major changes in the environment. Penetration testing of various application systems on a regular basis is a required skill along with managing and reviewing the work of other testers including contract testers. Reporting to Management on a regular basis through well-defined metrics is required. This individual should have business acumen and detailed understanding of the Software development lifecycle. Work with application development team leads to ensure application security is aligned with policy, security best practices and business needs *Essential Functions:* Experience and knowledge in a corporate environment with the following; Support projects within the SDLC and Agile environments with applications security testing penetration testing and vulnerability management functions. Perform Web / Mobile application security assessments and penetration testing on projects and/or releases; produce detailed risk reports with identified vulnerabilities and remediation recommendations. Conduct static and dynamic code analysis as needed to support release cycles. Work closely with development team during the envisioning and development process to guide secure design and secure coding practices. Manage web application firewall through log analysis, system tuning and Evaluate, track, and ensure compliance of high and critical vulnerabilities; develop, maintain and update scorecards to reflect vulnerabilities and communicate to end users. Implement security solutions, and provide technical leadership during the design, development, and testing phases of major initiatives. *Knowledge, Skills, Education, Experience, and Competencies:* Knowledge of the software development lifecycle in a large enterprise environment including agile processes and practices. Experience with performing manual and automated code review and develop/propose /enforce secure coding standards and policies. Knowledge of cross-site scripting, SQL injections, session hijacking and buffer overflows to obtain controlled access to target systems. Good Understanding of various web application architectures and web technologies ( Java, MS .NET etc.) Experience in application firewalls, and intrusion prevention systems Experience with commercial application scanning tools like IBM's AppScan, HPs WebInspect, etc. Experience with commercial static analysis tools like HPs Fortify, Klockworks etc. In-depth knowledge of any proxying and/or fuzzing tools Familiar with WebServices technologies like XML, SOAP, and AJAX. Understanding of server and client side application development , Middleware softwares (Oracles WebLogic, IBMs WebSphere, Apache Tomcat ) Proficiency in utilization of information security tools; manual techniques to exploit vulnerabilities in networks and applications. Industry security certifications preferred (CISSP, CISA, CCNA etc) *Click here to view full job description and apply <http://www.ejobsville.com/display-job/279023> (Registration not mandatory to apply for this job)* ------------------------------ Best regards, eJobsVille.com - For The Best Tech Jobs In Town -- You received this message because you are subscribed to the Google Groups "Oracle-Projects" group. To unsubscribe from this group and stop receiving emails from it, send an email to oracle-projects+unsubscr...@googlegroups.com. To post to this group, send email to oracle-projects@googlegroups.com. Visit this group at http://groups.google.com/group/oracle-projects. For more options, visit https://groups.google.com/d/optout.
