The Information Security Specialist interacts with team members and clients on security projects and production support efforts regarding scanning, vulnerability assessments, penetration tests, authenticated and unauthenticated application assessments, logical security reviews, and line of business and vendor assessments. As such, they provide both technical and non-technical support for a broad range of IT security programs and processes related to Information Security and to both entity and application assessments. This person should possess experience in planning, conducting and directing research and/or development work on complex vulnerability projects. Past experience should include origination and application of new and unique approaches to application and infrastructure security in relation to identified risk issues, as well as coordinating and liaising with diverse departments, divisions and organizations. The ideal candidate would be strongly application focused with a good understanding of network based security, and would have knowledge of vulnerability scanning tools, assessment techniques, and development and application security techniques through areas such as SANS, OWASP and other security vulnerability protection practices.
- Experience of Professional Web-Application Development or Source Code Review
- Knowledge of web architecture and protocols (HTTP(S), TCP/IP, ARP, SMTP, DNS, etc.)
- Must understand how data flows through an application and connected components (SMTP, LDAP, Database servers) and common software security issues and remediation techniques (OWASP top 10, SANS top 25, etc.)
- Must be able to use SOAP UI to test the web services.
- Must have prior knowledge of security testing on JBoss middleware like SOA-P, JBoss AS, JBoss EWS, JBoss BRMS/Drools, ESB, HornetQ, BPM, jBPM, SEAM
- Experience in Medicare and Health Sector
- Familiarity with 508 Requirements
- Familiarity with Red Hat Linux
- Proven ability to work within agile process framework, incl. SCRUM and Sprints
- Understanding of WS-Security, including SSL/TLS, addressing, SAML, JAAS/LDAP
- Understanding of XML gateways (DataPower, Layer7 etc.) and configuring policies for SOAP based and REST based services
- Must have gateway administrative experience
- Penetration Tester, vulnerabilities, Nmap, Nessus, Metasploit, Burp Suite, HP Fortify, testing,
- A working knowledge of commercial and open source security scanning tools is a must.
- Conduct penetration, vulnerability and web application testing, and risk assessments.
- Provide inputs to manage and develop an emerging threat model to assess and disseminate threats related to the enterprise in regard to current vulnerability posture.
- Improve the system processes for scanning and assessments by identification and recommendations for process improvement
CISSP Certification, CEH, OSCP, GPEN, Masters level degree in related IT or Security Assurance field preferred.
Email your resume to firstname.lastname@example.org .
K3 Solutions LLC - 13 months ago
K3 Solutions is a certified woman-owned small business that has been operating as a Limited Liability Corporation entity since September...