Job seekers, please send resumes to email@example.com or call: (202) 719-0200 Ext: 127
The Security (AppScan) Architect / Engineer is responsible for reviewing software developed in a C# .NET environment using an Oracle database, detecting and mitigating security vulnerabilities in software design and implementation, and analyzing software architecture for conformance with security guidelines.
Reviews software and scripts developed to be executed using AppScan, ensuring that they are valid tests applied to all environments and databases. Specific responsibilities may include identifying and assessing software vulnerabilities using both manual methods and automated tools; mentoring software developers in adopting secure coding techniques and secure coding standards; assisting development teams in establishing static analysis and security testing processes; promoting a security mindset throughout software development from design to implementation to testing; evaluating new technologies and tools to detect, triage, and mitigate software security defects; and identifying and addressing weaknesses in the existing software development life cycle with the goal of improving overall software security.
· Intermediate to advanced knowledge of TCP/IP and networking protocols such as HTTP and DNS
· Intermediate to advanced knowledge of web server software, including Microsoft IIS and Apache
· Intermediate to advanced knowledge of application security mechanisms such as authentication and authorization techniques, data validation, and the proper use of encryption
· Intermediate to advanced technical knowledge of, and the ability to recognize, various types of security vulnerabilities
· Intermediate to advanced proficiency in the use of common vulnerability assessment tools, including NMAP, Nessus, Nikto, AppScan, WebInspect, or Burp Suite
· Experience with .NET frameworks
· Experience with a Secure Software Delivery methodology
· Good interpersonal skills with a strong interest in the application security domain
· Excellent communication and presentation skills
· Proven analytical and problem solving skills, as well as the desire to assist others in solving issues
· Highly motivated with the willingness to take ownership / responsibility for their work and the ability to work alone or as part of a team.
Special Duties and Requirements:
· A Bachelor of Science in Computer Science or equivalent experience
· 3-5 years of experience in application development
· Application penetration testing
· Application vulnerability assessment
· Capable of understanding vulnerabilities and recommending solutions
· Experience in driving process improvement and influencing others towards common goals.
· Strong problem solving and analytical capabilities.
· Solid knowledge of industry best practices and IT risk
· Work with development teams to build security into the SDLC
· Fluent in Microsoft SQL and AppScan scripting
· Hands-on experience with software security testing and common testing tools; AppScan expertise is required
· Consult with product teams to provide security best practices and secure design patterns
· Experience with authentication systems, SSO, and PKI a plus
· 5 years in application security (work experience)
· Strong technical skills in application architecture, software development, and common software platforms.
· Experience with federated authentication schemes.
· Experience working with Java and C#
· A practical understanding of the OWASP Top 10
· Ability to evaluate source code for insecure coding practices and recommend changes
Detailed Statement of Duties and Responsibilities:
· Must be technically proficient with Oracle database, SQL, C# and .NET
· Must be technically proficient with AppScan, automated testing procedures and the results they produce
· 5-8 years of related experience
· Penetration testing of dynamic applications
· Analysis of software design and source code
· Knowledge of building secure, robust software systems
· Specific knowledge for automating code security analysis techniques on the latest software technology platforms
· Experience in Web Application Penetration Testing, Security Code Review
· Experience in commercial DAST (Dynamic Application Security Testing) tools like IBM AppScan
· Experience in commercial SAST (Static Application Security Testing) tools like IBM AppScan Source Edition
· Knowledge of using open source penetration testing tools such as WebScarab, Burp Suite, Paros Proxy, etc.
· Good understanding of OWASP Top 10 vulnerabilities
· Perform automated web application security assessment
· Perform automated security code review using IBM AppScan
· Coordinate the security assessment with the application owner
· Share assessment results with the development team
· Develop a remediation timeline and share it with the project team