Application Security Engineer
TEKsystems (Montgomery County, Maryland)

Ref Code:
71993228
Minimum Career Level:
Experienced (Non-Manager)

This job posting has expired.


Major Purpose of Job:
Under the supervision of the Director of Application Security, the Application Security Engineer is responsible for assuring that IT application software and infrastructure are designed, implemented, and operated in accordance with applicable security standards and practices.

Essential Job Functions:
Review application code for vulnerabilities, using both manual and automated code scanning techniques – aka “Whitebox Testing”.
Perform vulnerability scanning and penetration testing at all application tiers using appropriate tools (network scanners, web scanners, database scanners, etc.) – aka “Blackbox Testing”.
Knowledge of operating systems (Windows, UNIX) and common COTS products used to deliver web services, including IIS, Apache, Tomcat, Oracle Application Server, WebSphere, etc.
Identify and convincingly explain the risks associated with common application vulnerabilities, demonstrate exploitation, and recommend mitigation options.
In all cases, the candidate must be able to convincingly communicate findings and remediation options to non-technical business managers, technology managers, application development and architecture staff, and other information security technologists.

Education/Experience Requirements:
Education: Bachelor’s degree in engineering, computer science or information systems. MS preferred.
Application Architecture: 5+ years hands-on experience in applications development (primarily web-based applications), with at least two of those years relating to database development. Experience should include substantial programming in Java, ASP/.Net, XML, and SQL. Additional experience in C/C++, PHP desirable.
Databases: Experience with Oracle and MS SQL Server.
Source Code Analysis: Experience using Source Code analyzers/ByteCode Scanner (such as Watchfire, Cenzic, SPIDynamics).
Web Vulnerability Detection: Experience using Database Scanners such as DbProtect/AppDetect, NGSS.
Information and Application Security Concepts: Familiar with key concepts and frameworks such as OWASP, WASC, CVE, CVSS, etc. Thorough understanding of and ability to explain and demonstrate common application vulnerabilities, including inadequate input validation, SQL injection, cross-site scripting, buffer overflow, etc.
General Skills: Excellent analytical, organizational, time management and problem-solving skills are essential.

Working Environment:
Work is normally performed in an office environment.
Occasional extended hours and weekend work may be required.
Required Skills: WHITEBOX TESTING, BLACKBOX TESTING, WINDOWS, UNIX, JAVA, ASP.NET, XML, PHP, SOURCE CODE ANALYZERS, WEB APPLICATION VULNERABILITY SCANNERS

Join TEKsystems® and get your career on the fast track. As the leading technology staffing and services firm, we are passionate about deploying high-caliber IT and communications expertise. To satisfy our constant need for expertise, we actively seek talented Technical Professionals with all levels of information technology and communications skills. TEKsystems knows that every professional has different needs, so we'll work together to determine a suitable benefits package. We offer options to our Technical Professionals that could include: a health plan, 401k, provisions for vacation and holiday pay, and technical and professional training. With a foundation as the nation's largest IT staffing firm, we've become a billion-dollar services company by blending superior client service with an unrivaled ability to source and manage talent to precise specifications, resulting in successful technology executions.

Allegis Group and its subsidiaries are equal opportunity employers. M/F/D/V
