Security Consultant - Application Security
Fishnet Security - San Francisco, CA


Overview:

CANDIDATES CAN LIVE ANYWHERE IN THE US

If you have multiple years of experience in Application Security in a Java or .NET Framework using C#, VB, or ASP and enjoy the challenge of working with clients to identify, analyze, and report application vulnerabilities, then we have the opportunity for you!

This position:

Is focused on providing application security consulting services, including, but not limited to automated and manual run-time assessments, automated and manual code review, threat modeling, secure SDLC review and development, and secure code training for developers.

Requires excellent written and communication skills, and a demonstrated technical expertise in security, programming and application vulnerabilities.

While focused on service delivery, provides the opportunity to participate in other phases of the sales and consulting lifecycle, such as pre-sales, requirements collection, project scoping, and training.

Responsibilities:
  • Focused on providing application security consulting services, including, but not limited to automated and manual run-time assessments, automated and manual code review, threat modeling, secure SDLC review and development, and secure code training for developers.
  • Requires excellent written and communication skills, and a demonstrated technical expertise in security, programming and application vulnerabilities.
  • Provides the opportunity to participate in multiple areas of the consulting role such as services delivery, training, pre-sales, requirements collection, and scope design.
Qualifications:

REQUIRED EXPERIENCE/EDUCATION:

A minimum equivalent of experience and/or education that would provide the relevant knowledge and abilities to perform the type of work described herein.

Education: Possession of a relevant Bachelor’s Degree or equivalent training and experience in programming, networking and security fundamentals, and application and database security.

Experience: Two to five years of employment with significant responsibilities for enterprise application development, application security assessments, source code analysis, and/or application security vulnerability research, analysis and consulting. Experience in identifying application vulnerabilities, appropriate security-related solutions, and strategies for risk mitigation.

Preference will be given to candidates holding certification and education such as:

-Advanced technical degrees

-Offensive Security Certified Professional

-SANS certification

-Or demonstrated expertise.

REQUIRED SKILLS/KNOWLEDGE:

-Excellent written and verbal communication skills

-Working knowledge of automated application security-related tools such as AppScan, WebInspect, Fortify, and AppScan Source (formerly Ounce Security Analyst)

-Ability to deliver secure code training to developers

-Working knowledge of manual assessment tools such as HTTP Proxies (Burp, Webscarab, Spike), browser plug-ins (Web Developer Toolbar, Firebug, etc.), automation scripts (Perl/Python), fuzzers (w3af, Peach, etc.), and other commercial and open source tools

-Working knowledge of application assessment and code review methodologies

-Working knowledge of application security vulnerabilities and secure coding practices

-Working knowledge of object oriented programming and design fundamentals

-Expert knowledge of web technologies (.ASP, .NET, Java)

-Exposure to Application Security Maturity Models (OpenSAMM, BSIMM)

-Exposure to information security vulnerability concepts, issues and mitigation methods

-Experience with business and functional requirements collection

-Ability to participate in a group oriented environment

-Ability to complete assigned tasks or projects with limited supervision

-Ability to work under demanding circumstances and accomplish objectives

-Strong analytical skills to troubleshoot technical problems and determine resolution

PREFERRED SKILLS/KNOWLEDGE:

-Working knowledge of networking, network design and network security

-Exposure to a range of security products such as Authentication, Firewalls, Intrusion Detection and Prevention Systems, and a variety of other related technologies

-Ability to deliver secure code training to developers

FNS is an Equal Opportunity Employer and does not discriminate against any employee or applicant on the basis of race, creed, color, sex, sexual orientation, age, marital status, handicap, disability, religion, national origin, military service, or any other protected category. We have established an Affirmative Action program to initiate and promote equal employment opportunities. As an Affirmative Action Employer, we make every effort to ensure that our workforce represents the diversity of our labor market and that employees and applicants are given full consideration for development and advancement within our employment structure.
