Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Ever wanted to work as a "chief hacker" "security evangelist"? This is a place to post jobs or ask for work. Over time as I hear about job offers, we can consolidate them into this board. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Sr Applications Security Engineer Job Opportunity
Posted by: Knowledgecg
Date: April 02, 2007 02:17PM

Application Security Engineer
Location: Arlington, VA

General Requirements:

Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information.

Must be clearable to the Top Secret level.

Assurance that IT application software and infrastructure is designed and implemented to applicable security standards. Will utilize probing applications and review code for security holes. Must possess experience in C/C++, Java, XML, XSLT. Must have knowledge of firewalls, access control, VPNs Crypto experience such as SSL/TLS, IPsec. Experience in XMLdsig/XMLenc/WS-Sec/SAML is necessary. Experience with application level firewall and PKI. Experience with runtimes or OS kernels Layer 6 / Layer 7 application-aware routing experience.

Current Certified Information Systems Security Professional (CISSP), or similar security professional certification preferred.

Principal Duties and Responsibilities:

1. Review code such as C, Perl and Java for vulnerabilities;
2. Add value and enhancements to software lifecycle process;
3. Review and provide appropriate reports of ASP, Visual C++, and other Windows-based technologies;
4. Review implementation of different application servers including Tomcat, Oracle Application Server, WebSphere, ATG Dynamo, and WebLogic. Understand 3-tier architecture and the functional components of each layer;
5. Assist in developing process and procedures for review of vulnerability data; and
6. Provide guidance on potential exploit data and impacts to existing applications.
7. Will be involved with the following: Input Validation (SQL Injection, Cross Site Scripting, Buffer Overflows etc), Authentication ; Authorization; Cryptography; Cryptographic Algorithms and Associated Parameters; Cryptographic Keys Protection; Cryptographic Protocols and Associated Parameters; Cryptographic: Using Public Key Infrastructure ; Cryptography for Confidentiality; Application Security; General Authentication; Output Validation; Passwords; Password Complexity; Password Expiration and Lockout; Password Transmission and Storage; Passwords Protection; Production Application Instance Sensitive Information; State Management : Cookies and Session; Trust



Experience in XMLdsig/XMLenc/WS-Sec/SAML is necessary. Experience with application level firewall and PKI.
Must have knowledge of firewalls, access control, VPNs Crypto experience such as SSL/TLS, IPsec.
C/C++, Java, XML, XSLT

Please respond by sending a word version of your resume and salary requirements to paul.coleridge@knowledgecg.com



Edited 1 time(s). Last edit at 04/02/2007 02:18PM by Knowledgecg.

Options: ReplyQuote


Sorry, only registered users may post in this forum.