*Note: Please Share your consultant updated profile to hari.pra...@eaglenetworksolutions.com <hari.pra...@eaglenetworksolutions.com>*
*Hi,* Hope you are doing well, Please find the below requirement and if you are comfortable and interested please send your updated profile along with below details ASAP to move forward with submission process. *Job Title: Software Engineer II* *Location: Reston, VA* *Duration: 6 -12 Months* *Visa Status: H1B, GC, US Citizens(NO OPT or CPT Visa Please)* *Job Description:** To participate in the implementation of software security processes, tools, and technical solutions in order to improve the quality and security of College Board products. The Software Engineer will be deeply involved in security-driven assessments of College Board products utilizing automated and manual techniques. • Evaluate new and existing security standards, tools and solutions. • Participate in documenting processes and technologies that support secure software development practices. • Participate in maintaining a security API used by College Board applications. • Support developers in the areas of secure coding practices, vulnerability assessments, and remediation. • Stay current with emerging software security technologies, industry trends, and attack vectors, with a primary focus on internal reference architecture and security standards. • Operate and customize code scanning and review tools. • Participate in secure code reviews of College Board applications. • Participate in security incident response. • Work with IT Groups to define, develop, socialize and execute long-term application security roadmap, including: • Conduct in-house code reviews, static analysis and dynamic analysis on software products. • Conduct manual and automated security testing of College Board applications. • Perform day-to-day operations of static analysis tool and IDE plug-in support. • Assist with the remediation of security vulnerabilities found via code scanning and manual inspection and penetration testing. • Help review static analysis tool findings with product teams and other IT stakeholders; participate in manual code inspections. • Review dynamic analysis tool findings and identify sources of problems with product teams and other IT stakeholders. • Maintain common security API used by College Board software products. *Required Skills:** Education/Experience Bachelor’s Degree in a related field plus additional related college courses or professional training. Four to seven years of progressively responsible directly-related experience. *Related Skills & Other Requirements:* • Strong and evolving competence in several programming languages and technologies, mastery of one or more tools sets, technologies and implementation environments. • Advanced knowledge of programming languages, relational database management systems, networking technology, multiple desk operating systems and multiple server operating systems. • Understanding of modern software engineering principles and practices. • Strong customer service orientation. • Strong problem solving and analytic skills. • Must have strong knowledge in one or more of the following: *HTML, JavaScript, DOM, AJAX, CSS/CSS2, XML, XHTML, DHTML, etc.* • Experience writing *automated unit tests.* • Must have adequate knowledge of *J2EE and/or .NET technologies.* • Knowledge of *Cross-Site Scripting (XSS), HTTP Request Smuggling, SQL Injection, RFI (Remote-File Inclusion), LFI (Local-File Inclusion), CSRF (Cross-Site Request Forgery), Response Splitting, OWASP Top 10 and other attack vectors a plus.* • Knowledge of *OWASP Web Security Certification Criteria, OWASP testing guidelines and PCI Data Security Standards is a plus.* • Experience with one or more of the following tools *nmap, wikto, nessus, whisker, crowbar, Paros, suru, Wireshark, TCPDump, ISS is a plus.* • Experience with one or more of the following web app scanners - *IBM AppScan (WatchFire), HP Web Inspect (SPIDynamics), Cenzic, Web Scarab is a plus*. • Experience in *performing code reviews.* • Strong interest in *IT Security *with a passion to solve problems. • Knowledge of* TCP/IP, HTTP/S and other protocols*. • Any knowledge of one or more of the following is a plus but not required -- *Python, Ruby, PHP or other scripting languages.* • Willingness to learn and try new things as well as extremely good research skills • Reverse engineering experience using one or more of the following tools -- *(IDA, Olly, and SoftIce) is a plus.* • Experience with *protocol analysis, forensic analysis is a plus.* • Experience* installing, configuring and maintaining continuous integration (CI) environment(s) using tools such as Cruise Control, Cruise Control.NET, Hudson, Bamboo, Gauntlet, in a test driven development (TDD) process is a plus.* • Experience with one or more of the following static analysis tools are highly desired: *Ounce Labs, Fortify, Klocwork, Prefix/Postfix, FindBugs, FxCop, and PMD*. • Additional certifications such as CISSP, ENCE, CCE, GCFA, GCIA, GCIH, CHFI and/or QSA are highly desired. • Ability to travel when required. *Education/Certifications:** Bachelor’s Degree in a related field plus additional related college courses or professional training. *Thanks and Regards* *Hari Prasad* *Eagle Network Solutions INC* *E-Mail: hari.pra...@eaglenetworksolutions.com <hari.pra...@eaglenetworksolutions.com>* *www.eaglenetworksolutions.com <http://www.eaglenetworksolutions.com/>* -- You received this message because you are subscribed to the Google Groups "SAP BASIS" group. To unsubscribe from this group and stop receiving emails from it, send an email to sap-basis+unsubscr...@googlegroups.com. To post to this group, send email to sap-basis@googlegroups.com. Visit this group at https://groups.google.com/group/sap-basis. For more options, visit https://groups.google.com/d/optout.
