The Application Security Consultant will act as an internal consultant to development teams and will perform daily, hands-on, software security assessment and remediation activities as part of the application security program.
Responsibilities:
Perform software security activities within the defined application security program including application vulnerability testing and analysis, code review, use of common tools, written and verbal articulation of remediation recommendations, and follow-up.
Advise development teams on application security controls, methods, and remediations.
Perform activities such as:
Application Security Testing
Protocol Analysis
Reverse engineering Java and .NET development
Qualifications:
Essential experience (typically gained from 3-5 years) working with and applying best practices in corporate application security programs and providing advice for development teams inclusive of:
Secure coding practices and application vulnerability assessment and penetration testing methodologies
Development background in Java and .NET
Very strong written and verbal communication skills
Writing technical reports based on findings and assisting in the remediation process working with development and security teams
Understanding of web architecture and protocols (HTTP(S), TCP/IP, ARP, SMTP, DNS, etc.)
Understanding of common software security issues and remediation techniques (OWASP top 10, SANS top 25, etc.)
Essential experience (typically gained from 1-2 years) working with common tools in application security inclusive of:
Application vulnerability scanning using tools such as AppScan, NTO Spider, WebInspect
Static analysis and code review tools such as Ounce, Fortify, AppScan Source Edition
Desired Certifications:
Certified Secure Software Lifecycle Professional (CSSLP) preferred