Application Security Engineer Location: Arlington, VA General Requirements: Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Must be clearable to the Top Secret level. Assurance that IT application software and infrastructure is designed and implemented to applicable security standards. Will utilize probing applications and review code for security holes. Must possess experience in C/C++, Java, XML, XSLT. Must have knowledge of firewalls, access control, VPNs Crypto experience such as SSL/TLS, IPsec. Experience in XMLdsig/XMLenc/WS-Sec/SAML is necessary. Experience with application level firewall and PKI. Experience with runtimes or OS kernels Layer 6 / Layer 7 application-aware routing experience. Current Certified Information Systems Security Professional (CISSP), or similar security professional certification preferred. Principal Duties and Responsibilities: 1. Review code such as C, Perl and Java for vulnerabilities; 2. Add value and enhancements to software lifecycle process; 3. Review and provide appropriate reports of ASP, Visual C++, and other Windows-based technologies; 4. Review implementation of different application servers including Tomcat, Oracle Application Server, WebSphere, ATG Dynamo, and WebLogic. Understand 3-tier architecture and the functional components of each layer; 5. Assist in developing process and procedures for review of vulnerability data; and 6. Provide guidance on potential exploit data and impacts to existing applications. 7. Will be involved with the following: Input Validation (SQL Injection, Cross Site Scripting, Buffer Overflows etc), Authentication ; Authorization; Cryptography; Cryptographic Algorithms and Associated Parameters; Cryptographic Keys Protection; Cryptographic Protocols and Associated Parameters; Cryptographic: Using Public Key Infrastructure ; Cryptography for Confidentiality; Application Security; General Authentication; Output Validation; Passwords; Password Complexity; Password Expiration and Lockout; Password Transmission and Storage; Passwords Protection; Production Application Instance Sensitive Information; State Management : Cookies and Session; Trust Experience in XMLdsig/XMLenc/WS-Sec/SAML is necessary. Experience with application level firewall and PKI. Must have knowledge of firewalls, access control, VPNs Crypto experience such as SSL/TLS, IPsec. C/C++, Java, XML, XSLT Please respond by sending a word version of your resume and salary requirements to paul.coleridge@knowledgecg.com http://sla.ckers.org/forum/read.php?17,9384,9384#msg-9384 Tue, 21 May 2013 17:01:19 -0500 Phorum 5.2.15a http://sla.ckers.org/forum/read.php?17,9384,9384#msg-9384 http://sla.ckers.org/forum/read.php?17,9384,9384#msg-9384 Location: Arlington, VA

General Requirements:

Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information.

Must be clearable to the Top Secret level.

Assurance that IT application software and infrastructure is designed and implemented to applicable security standards. Will utilize probing applications and review code for security holes. Must possess experience in C/C++, Java, XML, XSLT. Must have knowledge of firewalls, access control, VPNs Crypto experience such as SSL/TLS, IPsec. Experience in XMLdsig/XMLenc/WS-Sec/SAML is necessary. Experience with application level firewall and PKI. Experience with runtimes or OS kernels Layer 6 / Layer 7 application-aware routing experience.

Current Certified Information Systems Security Professional (CISSP), or similar security professional certification preferred.

Principal Duties and Responsibilities:

1. Review code such as C, Perl and Java for vulnerabilities;
2. Add value and enhancements to software lifecycle process;
3. Review and provide appropriate reports of ASP, Visual C++, and other Windows-based technologies;
4. Review implementation of different application servers including Tomcat, Oracle Application Server, WebSphere, ATG Dynamo, and WebLogic. Understand 3-tier architecture and the functional components of each layer;
5. Assist in developing process and procedures for review of vulnerability data; and
6. Provide guidance on potential exploit data and impacts to existing applications.
7. Will be involved with the following: Input Validation (SQL Injection, Cross Site Scripting, Buffer Overflows etc), Authentication ; Authorization; Cryptography; Cryptographic Algorithms and Associated Parameters; Cryptographic Keys Protection; Cryptographic Protocols and Associated Parameters; Cryptographic: Using Public Key Infrastructure ; Cryptography for Confidentiality; Application Security; General Authentication; Output Validation; Passwords; Password Complexity; Password Expiration and Lockout; Password Transmission and Storage; Passwords Protection; Production Application Instance Sensitive Information; State Management : Cookies and Session; Trust



Experience in XMLdsig/XMLenc/WS-Sec/SAML is necessary. Experience with application level firewall and PKI.
Must have knowledge of firewalls, access control, VPNs Crypto experience such as SSL/TLS, IPsec.
C/C++, Java, XML, XSLT

Please respond by sending a word version of your resume and salary requirements to paul.coleridge@knowledgecg.com]]> Knowledgecg Jobs Mon, 02 Apr 2007 14:17:48 -0500