Job Seekers, please send resumes to resumes@hireitpeople.com
Primary Skills - Sr. Security Expert, Acunetix, threat modeling, security flaws.
Complete Description:
1. Install and configure the Acunetix security scanner (with the AcuSensor agent), and run scans against public-facing .NET applications.
2. Interpret results from other scanners such as Hailstorm and Saint, and isolate false positives.
3. Remediate issues, and work alongside vendors and/or in-house developers in remediating them.
4. Use other manual/custom methodologies to perform vulnerability assessments and possibly light penetration attempts at the application and database (SQL) levels.
5. Other related tasks as assigned by the PM or the PM’s designee, such as the IT Security SME.
Skills:
Skill | Required / Desired | Amount of Experience | Expertise Rating
Experienced in application vulnerability testing, including hands-on software code review and remediation, with emphasis on .NET programming. | Required | 7 Years | 3 - Expert
Ability to inject security coding into each stage of the Software Development Life Cycle (SDLC). | Required | 4 Years | 3 - Expert
Threat Modeling | Required | 4 Years | 3 - Expert
Hands-on experience with installation, configuration and usage of Acunetix Web Vulnerability Scanner. | Required | 1 Year | 3 - Expert
Ability to interpret security scan results from Hailstorm and Saint and isolate false positives. | Required | 5 Years | 3 - Expert
Assist with remediation of application security flaws, working alongside the application vendor and in-house developers. | Required | 5 Years | 3 - Expert
Overall IT Software Security experience | Required | 10 Years | 3 - Expert
Bachelor’s Degree in Computer Science or Computer Engineering | Required | |
Master’s Degree in Computer Science with Security or Information Assurance concentration | Required | |
CEH - Certified Ethical Hacker Certification | Required | |
CSLCP (Certified Software LifeCycle Professional) or GWAPT (GIAC Web Application Penetration Tester) | Required | |
Prior experience working as an application security resource for a US Government Agency | Highly desired | 1 Year | 3 - Expert
Prior experience working as an application security resource for a US financial institution | Highly desired | 1 Year | 3 - Expert
Hands-on experience with Metasploit and other penetration testing techniques. | Highly desired | 2 Years | 3 - Expert
Experience setting up and running DB Protect. | Highly desired | 2 Years | 3 - Expert
