APPLICATION SECURITY CONSULTANT

Job Title: Application Security Consultant

Location: US-IL-Chicago

Targeted Start: 10/1/2012

Travel Required: No

Overview:

The Application Security Consultant will act as an internal consultant to development teams and will perform daily, hands-on, software security assessment and remediation activities as part of the application security program.

Responsibilities:

1. Perform software security activities within the defined application security program including application vulnerability testing and analysis, code review, use of common tools, written and verbal articulation of remediation recommendations, and follow-up.
2. Advise development teams on application security controls, methods, and remediations.
3. Perform activities such as:

• Application Security Testing
• Protocol Analysis
• Reverse engineering Java and .NET development

Qualifications:

Essential experience (typically gained from 3-5 years) working with and applying best practices in corporate application security programs and providing advice for development teams inclusive of:

1. Secure coding practices and application vulnerability assessment and penetration testing methodologies
2. Development background in Java and .NET
3. Very strong written and verbal communication skills
4. Writing technical reports based on findings and assisting in the remediation process working with development and security teams
5. Understanding of web architecture and protocols (HTTP(S), TCP/IP, ARP, SMTP, DNS, etc.)
6. Understanding of common software security issues and remediation techniques (OWASP top 10, SANS top 25, etc.)

Essential experience (typically gained from 1-2 years) working with common tools in application security inclusive of:

1. Application vulnerability scanning using tools such as AppScan, NTO Spider, WebInspect
2. Static analysis and code review tools such as Ounce, Fortify, AppScan Source Edition

Desired Certifications:

Certified Secure Software Lifecycle Professional (CSSLP) preferred