Job Title: Application Security Consultant
Location: US-IL-Chicago
Targeted Start 10/1/2012
Travel Required no
Overview:
Application Security Consultant will act as in internal consultant to development teams and will perform daily, hands-on, software security assessment and remediation activities as part of the application security program.
Responsibilities:
Perform software security activities within the defined application security program including; application vulnerability testing and analysis, code review, use of common tools, written and verbal articulation of remediation recommendations and follow up. Advise development teams on application security controls, methods, and remediations. Perform activities such as:
Application Security Testing
Source Code Review
Protocol Analysis
Reverse engineering Java and .NET development
Qualifications:
Essential experience (typically gained from 3-5 years) working with and applying best-practices in corporate application security programs and providing advise for development teams inclusive of:
Secure coding practices, and application vulnerability assessment and penetration testing methodologies
Development background in Java and .NET
Very strong written and verbal communications skills
Writing technical reports based on findings and assist in the remediation progress working with development and security teams.
Understanding of web architecture and protocols (HTTP(S), TCP/IP, ARP, SMTP, DNS, etc).
Understanding of common software security issues and remediation techniques (OWASP top 10, SANS top 25, etc.)
Essential experience (typically gained from 1-2 years) working with common tools in application security inclusive of:
Application vulnerability scanning using tools such as AppScan, NTO Spider, WebInspect
Static analysis and code review tools such as Ounce, Fortify, AppScan Source Edition
Desired Certifications:
Certified Secure Software Lifecycle Professional (CSSLP) preferred