Security Job: Web Application Security Engineer
Job Type: Full-time salaried position
Job Locations: If you are open to any of the following areas we should talk: Illinois, North Carolina, Nebraska, Pennsylvania, Indiana, and Connecticut
Compensation: $90,000 to $110,000 salary, maybe more
Education: BS strongly preferred, but not required.
Travel %: minimal
Relo Paid: Possible assistance available on a case by case basis
Certifications Preferred: CISA, CISSP
SecurityHeadhunter.com is conducting a search for Web Application Security Engineers. Our client, a Fortune 500 organization, has engaged us to identify, recruit and prescreen candidates that have a passion for web security. These are full time positions working on site for the organization. The client is not a consulting firm.
Our client really wants to see candidates who have at least 3-5 years of software / application development and/or web development skills in a Java OR .NET environment and have moved over to the Security side for at least the last 2-3 years.
Having a software or Web Development background prior to Web Application Security is NOT a must have, but is a big plus for the positions.
The selected candidate(s) will be working on new web application security as well as legacy systems from time to time. Selected candidate(s) must be very knowledgeable about the OWASP Top 10.
RESPONSIBILITIES & DUTIES
- Conducting web application security assessments on both new and existing web applications.
- These assessments involve manual testing and analysis as well as the use of automated web application vulnerability scanning and testing tools, including but not limited to Fortify, IBM AppScan, HP WebInspect, and Hailstorm testing tools.
- Preparing formal security assessment reports for each application, using our standard reporting format.
- Participate in, and lead when necessary, conference calls with internal business customers to review security assessment results.
- Consult with these internal business customers on remediation options, retest security vulnerabilities that have been fixed, and republish your report to indicate the results.
- Participate in, and lead when necessary, conference calls with potential internal business customers to review newly requested security assessments and estimate the amount of time required to complete the assessment.
- Ability to assist in the deployment and/or support of web application firewalls.
- Experience working with static code analysis tools.
- Ability to communicate complex security subjects in easy-to-understand terms.
- Desire to stay current with emerging technologies and industry trends.
- Solid understanding of OWASP along with the ability to apply those security concepts.
- Thorough understanding of both TCP/IP and HTTP.
- Ability to work in a fast paced, challenging and sometimes stressful environment while keeping a cool head.
- Ability to look at the big picture and help in finding acceptable solutions and remedies.
- Strong focus on, and ability to deal with, internal users and customers.
- Solid written and verbal communication skills.
For information on this or other Security related positions, please contact: