Security Job: Web Application Security Engineer

Job Type: Full-time salaried position
Job Locations: If you are open to any of the following areas we should talk:  Illinois, North Carolina, Nebraska, Pennsylvania, Indiana, and Connecticut
Compensation: $90,000 to $110,000 salary, maybe more
Telecommute: No
Education: BS strongly preferred, but not required.
Travel %: minimal
Relo Paid:  Possible assistance available on a case by case basis
Certifications Preferred: CISA, CISSP

SecurityHeadhunter.com is conducting a search for Web Application Security Engineers. Our client, a Fortune 500 organization, has engaged us to identify, recruit and prescreen candidates that have a passion for web security. These are full time positions working on site for the organization. The client is not a consulting firm.

Our client really wants to see candidates who have at least 3-5 years of software / application development and/or web development skills in a Java OR .NET environment and have moved over to the Security side for at least the last 2-3 years.

Having a software or Web Development background prior to Web Application Security is NOT a must have, but is a big plus for the positions.

The selected candidate(s) will be working on new web application security as well as legacy systems from time to time. Selected candidate(s) must be very knowledgeable of OWASP TOP 10.

RESPONSIBILITIES & DUTIES

  • Conducting web application security assessments on both new and existing web applications.
  • These assessments involve manual testing and analysis as well as the use of automated web application vulnerability scanning and testing tools, including but not limited to Fortify, IBM AppScan, HP WebInspect, and Hailstorm testing tools.
  • Preparing formal security assessment reports for each application, using the company's standard reporting format.
  • Participate in, and lead when necessary, conference calls with internal business customers to review security assessment results.
  • Consult with these internal business customers on remediation options and the retesting of security vulnerabilities that have been fixed and republishing your report to indicate the results.
  • Participate in, and lead when necessary, conference calls with potential internal business customers to review newly requested security assessments and estimate the amount of time required to complete the assessment.
  • Ability to assist in the deployment and/or support of web application firewalls.
  • Experience working with static code analysis tools
  • Ability to communicate complex security subjects in easy-to-understand terms.
  • Desire to stay current with emerging technologies and industry trends.
  • Solid understanding of OWASP along with the ability to apply those security concepts.
  • Thorough understanding of both TCP/IP and HTTP.
  • Ability to work in a fast paced, challenging and sometimes stressful environment while keeping a cool head.
  • Ability to look at the big picture and help in finding acceptable solutions and remedies.
  • Strong focus on, and ability in, dealing with internal users and customers.
  • Solid written and verbal communication skills.

For information on this or other Security related positions, please contact:

Wils Bell
President
SecurityHeadHunter.com, Inc.
POB 620298 * Oviedo, FL 32762
Direct: 407-365-2404
Bell@SecurityHeadhunter.com * SecurityHeadhunter.com * www.Linkedin.com/in/wilsbell

Security Job: Chief Software Security Architect

Job Type: Full-time
Job Location: New York or Pennsylvania
Compensation: Base – starts at $200,000K and will go up from there DOE
Bonus Estimate: $75 -$100,000
Telecommute: No
Education: BS Degree Preferred, but client will consider total experience
Relo Paid: Yes
Other: GSSP Certification a plus

SecurityHeadhunter.com is actively recruiting a senior level candidate for the position of Chief  “Software” Security Architect for a major New York client. You can choose to work in New York or work in their Pennsylvania location.  (FOR FULL DETAILS CONTACT US TODAY!)

This is a new and very key role. You will be responsible for all software / application security architecture for the corporation. You must possess a technical background from the Software Security side. Any experience as a structure hacker would be a benefit.

You’ll also need a good understanding of network, host, and physical aspects of the security infrastructure. Any experience dealing with offshore systems development would be a plus but not required. You’ll need the same communication and interpersonal skills as a senior principal / partner of a large security and information protection agency.

Responsibilities will include
• Provide solutions and guidance in the form of design, development, and deployment on all aspects of software & application security to the development teams on a national and international basis.
• Implementation of:
  • Software Security Services
  • Security Architecture Analysis and Design Reviews
  • Security Code review
  • Recommendations of procedural and technological compensating controls
  • Secure Coding best practices implementation and training
  • Application Threat modeling and Mitigation Services.
• Strengthen the Risk Assessment process with pertinent technical criteria to better assess the risk ratings of client applications.
• Strengthen client Vulnerability Management process which includes bugs, patches, configuration management advice.
• Comprehensive and holistic level perspective required for implementing security methodologies and best practices across all lines of business of the organization; including Technology.
• Must apply structured thinking, methodology and disciplines to a complex environment of business and technical requirements.

Qualifications
• Core security, vulnerability scanning & pen testing tools
• Core security analysis
• Understanding of secure HTTP, application security, web security, SSH, SFTP, SSL and additionally application vulnerabilities.
• An understanding of application security over OS’s (Linux, Sun, Windows, Novell, etc.)
• Must have a minimum of 10 years' experience developing scalable, distributed applications with a thorough understanding of platforms like Enterprise Java, .NET with security aspects of Java, C#, C++ languages. 5 years in the Application Security space; including information (storage, transmission, etc.), application (design & development), deployment, run-time (access), operation/support.

To share your confidential resume please email a resume “directly” to: careers@securityHeadhunter.com or contact:

Wils Bell
President
SecurityHeadHunter.com, Inc.
POB 620298 * Oviedo, FL 32762
Direct: 407-365-2404
Bell@SecurityHeadhunter.com * SecurityHeadhunter.com * www.Linkedin.com/in/wilsbell

“A Security Search Firm”

Security Job: Application Security Architect

Application Security Architect


Job Type: Full-time
Job Location: State of Washington
Compensation: “Very Competitive Package” –You won’t be disappointed!!!
Telecommute: No
Education: BS & MS is strongly preferred, however experience may be considered in lieu of degree.
Travel %: none
Relo Paid:  Yes –excellent package!!!!
Other:
SecurityHeadhunter.com is currently recruiting for a client in the state of Washington.  This is NOT an entry level position, but rather the successful candidate will need to have an in-depth and solid understanding of software / application security. Our client is looking for the best of the best and is open to paying for those excellent application security skills, within reason of course.
As an individual, you will need to be a good communicator since you will be working in a team environment with many different people and with software developers within the company.
If you truly love being part of the software development process to ensure that new and existing applications, websites, etc., are built with the most cutting edge security functionality, then this position is for you!
Our client is a well funded organization with a solid and growing security department. Although a 4 year degree or MS in some cases would be preferred, client will look at candidates that have solid work experience to over-ride the degree. As a successful candidate you will need to have good references and be able to get through a standard criminal background check with no major problems. Minor blemishes may not be a problem and will be reviewed on a case by case basis.
Duties may include, but are not limited to:
• Review and evaluate new and exciting security products
• Assist in Security policy and procedure development
• You should have good understanding of Security Compliance issues
• Act as an SME to other technical people and have the ability to train others
• As a SME you’ll need to be able to sell others on the security process
• Be responsible for risk assessments from outside vendors
What you need to be considered for this opportunity:
• Excellent and current experience within Application Security
• Solid software development skills in various software, i.e. C++, Java, C, etc.
• Knowledge of Networking, Network Security, Systems Security, Security Protocols, Scripting, Security Remedy, Authentication, Security Vulnerabilities, Threat Modeling.
As you have seen, this is a very general description on the position, but will give you a basic idea of what I am recruiting for with this client and others. If you currently are working as a Software / Application Security expert for your firm, I would like to talk with you in more detail on a completely confidential basis.
For information on this or other Security positions, please contact:
Wils Bell
President
SecurityHeadHunter.com, Inc.
“A Security Search Firm”
POB 620298 * Oviedo, FL 32762
Desk: 407-365-2404
Bell@SecurityHeadhunter.com
SecurityHeadhunter.com

Security Job: Chief Security Architect

CHIEF SECURITY ARCHITECT

Job Type: Full-time
Job Location: New York
Compensation: Base – $200,000K (maybe more)   Bonus Estimate: $75 -$100,000
Telecommute: No
Education: BS Degree Preferred, but client will consider total experience
Relo Paid:  Possibly some assistance on a case by case basis.
Other: GSSP Certification a plus

SecurityHeadhunter.com is actively recruiting a senior level candidate for the position of Chief Security Architect for a major New York client. This position will have very broad enterprise impact. You’ll be setting strategies which will translate into tactical decision making, influencing technology implementations and business operations processes. You must have implemented an enterprise scale threat mitigation and assurance strategy for software development. You’ll also need a good understanding of network, host, and physical aspects of the security infrastructure. Any experience dealing with offshore systems development would be a plus but not required.

You’ll need the same communication and interpersonal skills as a senior principal / partner of a large security and information protection agency.

Responsibilities will include

  • Provide solutions and guidance in the form of design, development, and deployment on all aspects of software & application security to the development teams on a national and international basis.
  • Implementation of:
    • Software Security Services
    • Security Architecture Analysis and Design Reviews
    • Security Code review
    • Recommendations of procedural and technological compensating controls
    • Secure Coding best practices implementation and training
    • Application Threat modeling and Mitigation Services.
  • Strengthen the Risk Assessment process with pertinent technical criteria to better assess the risk ratings of client applications.
  • Strengthen client Vulnerability Management process which includes bugs, patches, configuration management advice.
  • Comprehensive and holistic level perspective required for implementing security methodologies and best practices across all lines of business of the organization; including Technology.
  • Must apply structured thinking, methodology and disciplines to a complex environment of business and technical requirements.

Qualifications

  • Core security, vulnerability scanning & pen testing tools
  • Core security analysis
  • Understanding of secure HTTP, application security, web security, SSH, SFTP, SSL and additionally application vulnerabilities.
  • An understanding of application security over OS’s (Linux, Sun, Windows, Novell, etc.)
  • Must have a minimum of 10 years' experience developing scalable, distributed applications with a thorough understanding of platforms like Enterprise Java, .NET with security aspects of Java, C#, C++ languages. 5 years in the Application Security space; including information (storage, transmission, etc.), application (design & development), deployment, run-time (access), operation/support.

To forward a confidential version  of your resume, please email directly to: Bell@SecurityHeadhunter.com
or contact:

Wils Bell
President
SecurityHeadHunter.com, Inc.
POB 620298 * Oviedo, FL 32762
Direct: 407-365-2404

Bell@SecurityHeadhunter.com * SecurityHeadhunter.com * www.Linkedin.com/in/wilsbell

“A Security Search Firm”

Security Job: Compliance Manager

Position Summary for

Compliance Manager

Job Type: Full Time
Job Location: New York / Manhattan
Compensation: $120,000 plus bonus
Telecommute: No
Education: BS Required, Masters a plus
Certifications:
Travel %: Minimal
Relo Paid: No

Responsibilities

  • Manage and lead an array of Compliance Programs to include but not limited to Sarbanes-Oxley (SOX), Continuous & Ad hoc internal audit  programs, Technology Audits, Controlled Access to Production Systems (CAPS) exercises, Internal Audit Issues, and others
  • Work with fellow team members, Technologists and Vendors to ensure that all the program deliverables are responded to the Enterprise-level Program teams in a timely fashion.
  • Ensure that the most efficient governance process is in place for the Compliance Programs
  • Interface with Senior management including C-level Technology Executives  (by providing them continuous status updates on all Compliance Programs), as well as the technology managers and their team members to ensure that the program goals and objectives are addressed and executed on a day-to-day basis to achieve the overall goals
  • Interface with the Central Operation Risk Management team of Global Markets Technology, infrastructure groups, and the Global Auditors (internal and external) for the department
  • Stay abreast of the upcoming audit schedule and  requirements for the GRCT team and track any open audit items across the department to remediation and closure

Required: Required for being successful

  • Seven (7+) years experience in either a Program Management Office (PMO) or Business Management Office (BMO) in a compliance-based role
  • Excellent inter-personal, negotiation and influencing skills
  • Strong problem solving and analytical skills
  • Excellent organizational, planning, writing and communication skills
  • Self-starter with a proven track record of taking initiative
  • Persistency, poise and perseverance to get things accomplished under pressure and within the set timelines
  • Interest and track record of ensuring accuracy, clarity and quality of work with attention to detail
  • Past experience of working with senior management
  • Excellent MS-Office skills, including PowerPoint (for presentations) and Excel (for manipulating large amounts of data)

Preferred:  Not mandatory but preferred –

  • Project Management Certification  – PMI or PRINCE 2, etc.

For additional information on this or other Security Jobs, please contact:

Wils Bell

Information Security Recruiter

SecurityHeadhunter.com, Inc.

POB 620298

Oviedo, FL 32762

Desk: 407-365-2404

Cell: 407-718-7764

Email: Bell@SecurityHeadhunter.com

Security Job: Web Application Security Consultant

Position Summary for

Web Application Security Consultant w/ Java

“70% Telecommute Opportunity”

Job Type: Consultant
Job Location: Telecommute from home 70%+ of time
Compensation: $70 – $80 per hour; maybe more
Telecommute: Yes
Education: Degree a plus, but not required
Certifications: See Below
Travel %: 20-30%
Relo Paid: N/A

Our Client has developed a very strong track record of delivering web application security services on a consulting basis to their financial and banking industry clients.

This strong record of exceptional service has resulted in additional long-term assignments and the need for additional team members.

SecurityHeadhunter.com is seeking Web Application Security consultants to lead and participate in web application security consulting assignments. The current team is made up of seasoned software engineering professionals who have 20+ years of total experience. That experience includes building large Java enterprise applications.

As stated above, our client’s solid delivery and track record has created a situation where their clients invite them back for additional projects.

In this role, a consultant will perform application security assessments through both on-site and off-site project assignments. Successful consultant will lead small review teams and will consult on threats and mitigation approaches.

Majority of work will be done in a telecommute fashion whereby you can work from your home office. Expected travel will only be in the 20-30% range on weekdays only. You’ll be home on weekends.

Possible travel sites: NC, MN, PA, CA

Required Background:

  • A BS in math, computer science or engineering discipline is preferred.
  • Education at the Masters level is appreciated.
  • Certifications to include the CISSP, CSSLP, EC-Council E|CSP and/or SANS, GIAC Secure Software Programmer – Java (GSSP-JAVA) are highly appreciated.

A consultant must demonstrate the following:

• A very solid and deep knowledge & understanding of web application security threats, risk models and tools.

• Static analysis experience with Fortify (preferred) or IBM Ounce Labs tools.

• Architectural review, manual source code review, dynamic analysis.

• Solid technical background that includes Java enterprise application technology.

• Ability to interact with customers for presentation and communication purposes.

• Ability to manage small technical teams and projects.

• Must be experienced in helping clients to build security into their software development processes.

The successful candidate must be able to read and understand Java code, APIs and architecture (JSP, Servlet, EJB, Hibernate, Struts, Ant, etc.). A prior Java programming background is strongly preferred.

Desired Skills

A background that includes Microsoft application technology is appreciated (.NET, classic VB and ASP). Technical project management / team leadership experience is required.

To learn more about this situation or others, please contact:

Wils Bell

Security Recruiter

SecurityHeadhunter.com, Inc.

POB 620298

Oviedo, FL 32762

Desk: 407-365-2404

Cell: 407-718-7764

Email: Bell@SecurityHeadhunter.com

LinkedIn Profile: http://www.linkedin.com/in/wilsbell

Web: SecurityHeadhunter.com

Blog: SecurityHeadhunter.wordpress.com

Twitter: security_REC

“I’m a great believer in luck, and I find the harder I work, the more I have of it.” — Thomas Jefferson


IT Auditor w/SOX skills

Senior IT Auditor

Job Type: Full Time
Job Location: NJ
Compensation: 100,000 -$120,000 plus bonus
Telecommute: No
Education: Degree a plus BUT not required
Certifications: CISA is a must!!!
Travel %: minimal
Relo Paid: No relo offered

Position Summary

Successful candidate will have 5 – 10 years of IT internal audit and/or related work experience in the financial or securities industry.

Successful candidate must have a CISA –no exceptions.

Experience Needed

Strong knowledge of IT systems configuration and operations, to include:

  • operating systems – Windows, Linux
  • databases – Sybase, Oracle, SQL Server
  • security & access configuration – infrastructure & application level
  • business applications  – general ledger, trading & clearing, risk management, etc.
  • programming experience a plus  – SQL, Java, C
  • Strong knowledge of securities trading & back office activities – equities & fixed income: order routing & execution, settlement & clearing

Position Responsibilities:

  • Assess the IT control environment for audits assigned, develop audit scoping and test document (RAM) and effectively execute audit fieldwork.
  • Identify and communicate audit issues and develop practical recommendations to assist departments to better control businesses and processes.
  • Draft audit reports, identifying audit scope, findings, and conclusion.
  • Meet with Senior Management to discuss audit coverage and the status of audit issue follow up.
  • Appropriately update and execute the Sarbanes Oxley IT Program and identify control design and operational deficiencies.
  • Stay current in relevant technology trends, standards, requirements, and best practices.
  • Assist in preparing presentations for management and the Finance & Audit Committee.
  • Keep IT Audit Director and IA Managing Director updated on work in process.
  • Execute special projects as required.

For full details please contact:

Wils Bell

Information Security Recruiter

SecurityHeadhunter.com, Inc.

POB 620298

Oviedo, FL 32762

Desk: 407-365-2404

Cell: 407-718-7764

Email: Bell@SecurityHeadhunter.com