*Dear Partners,*

*Hope you are doing well,*

*Please go through the below job description and let me know if you have
anyone.*

*Thank you..!*

 *Full Name:*

*Email ID:*

*Contact Number:*

*Current location:*

*Relocation:*

*Availability:*

*Visa Status:*

*Rate:*

*Face2Face Interview (Y/N):*

*Skype ID:*


*Job Description:*

Application Security Engineer

Ann Arbor, MI

Contract or C2H or PERM

Phone & F2F

USC or GC holders only

*OVERVIEW*

As our client continues to mature the information security program, we
recognize the value of an application security specialist as one of the key
enablers of such a program.

Seeking an experienced web application security specialist to join the
Information Security Team.



The role entails serving as a security advisor at the design stage,
performing analysis, and following up with developers to ensure flaws are
fixed before code is released to production. The role also includes
proactive analysis of frameworks and technologies used to anticipate
vulnerability classes as well as techniques to mitigate them. The candidate
will be most proficient in performing manual pentests with aid from
industry-standard open-source, COTS and custom-developed tools. The
continual drive to learn new techniques and technologies to expand one's
skillset, as well as the ability to share that information with key team
members, is essential.



Additionally, the candidate will be capable of developing exploit code to
demonstrate to developers how to take advantage of vulnerabilities that are
discovered, as well as demonstrating to developers, web security engineers,
system engineers and senior management post-exploitation behavior (goals,
tactics, etc.) of real-world attackers. While most assessments will be
focused on Internet-facing web applications, assessments of third-party
vendor websites will also be in scope, as well as assessments of high-risk
internal web applications.



*Responsibilities and Duties (% must equal 100%)*



*Responsibility #1 (67%) Application Security Program Support*



· Participate in security testing and assessments and/or work with
development and QA teams to develop comprehensive security test suites and
processes.

· Evaluate and prioritize newly discovered or reported software and
implementation vulnerabilities by severity and risk.

· Interact with other departments to communicate status and prioritization
of open vulnerabilities and understand the current state of vulnerability
remediation to ensure application vulnerabilities are resolved within
defined SLA periods.

· Develop, maintain, and report quality metrics on application vulnerability
status, trends, and level of risk.

· Create training or informational materials for development teams on common
application vulnerability types (i.e. threats posed, causes, fixes and
avoidance, testing for, etc.).

· Work closely with Information Security Compliance to ensure that
application is SOX and PCI compliant.

*Responsibility #2 (33%) Application Security Analysis and Maintenance*

· Import and analyze static code analysis reports for internally developed
applications.

· Maintain demonstrable knowledge of current vulnerability exploitation
techniques.

· Maintain dynamic and static analysis toolsets to ensure scans are accurate
and running regularly.

· Collaborate with 3rd party security product and service vendors to track
and understand open security issues and effectively apply security tools to
the application environment.





*Required Skills*

·         Secure Software Development Architecture, Design, and
Methodologies

·         Source Code Review (Automated and Manual)

·         A deep understanding of both SOAP and RESTful APIs

·         A deep understanding of Security frameworks and regulations
(OWASP, PCI)

·         Strong understanding of transport level encryption

·         Application and Mobile vulnerability scanning and penetration
testing

·         A common understanding of OAuth and SAML protocols

·         An understanding of application reverse engineering (Web and
Mobile)

·         Must have experience in at least two of the following tools:
(BurpSuite, Qualys, Acunetix, AppScan, Cenzic, WebInspect, Fortify,
Veracode)

·         Understanding of continuous integration methodology and
experience with associated tools

·         Proficient in Java and .NET programming languages

·         Experience with web and application servers such as IIS, Tomcat,
and Nginx.

·         Strong knowledge of common vulnerabilities and exploitation
techniques



·         Must have experience writing technical documentation

·         An understanding of business needs and commitment to delivering
high-quality, prompt, and efficient service to the business

·         An understanding of organizational mission, values, and goals and
consistent application of this knowledge

·         Strong decision-making capabilities, with a proven ability to
weigh the relative costs and benefits of potential actions and identify the
most appropriate one





*Qualifications*

·         A bachelor's or master's degree in computer science, information
systems or other related field; or equivalent work experience.

·         8 to 10 years of combined IT and security work experience, with
5+ years of experience in information security, especially in an
application security role.

·         Certified Information Systems Security Professional (CISSP) or
Certified Secure Software Lifecycle Professional (CSSLP) desired

Thanks & Regards,

Vinay Kumar
IT Recruiter
Osair Technologies LLC |  Desk: 703-349-5631
vinayku...@osairtech.com <van...@osairtech.com>
