Position: Application Security Analyst

Level: Mid to Senior Level

Position Description:
The successful candidate will perform application security assessments, code reviews, and SDLC consulting.

Projects may include:

Requirements:
The successful candidate MUST meet the following requirements:

Strong ethics and understanding of ethics in business and information security
Proficient English language written and oral communication skills
Understanding and familiarity with common code review methods and standards
Experience with code scanning toolsets such as Fortify and Ounce
Knowledge of OWASP tools and methodologies
Understanding of HTTP and web programming
Knowledge of common security requirements within ASP.NET application
Knowledge of standard SDLC practices
Minimum of 3 years work experience in application security
Minimum of 5-7 years of IT or software development experience
Ability to complete tasks and deliver professionally written reports for clients
Ability to present findings to technical staff and executives
Possess current security certifications (e.g., CISSP, CEH)
Must be able to pass a background check
Must be qualified to work in the U.S.

Optional Requirements:
The successful candidate SHOULD meet these additional requirements as a plus:

Degree in either Computer Engineering, Computer Science, or Information Systems Management
Experience working in software development
Experience with vulnerability scanning tools (e.g., Qualys, Nessus, Nexpose, Saint)
Experience with web application vulnerability scanning tools (e.g., IBM AppScan, HP Webinspect, Accunetix, NTO Spider, Burpsuite Pro)
Experience with static analysis tools (e.g., IBM Appscan Source, HP Fortify)
Experience with high level programming languages (e.g., Java, C, C++, .NET (C#, VB))
Experience with web application development (e.g., ASP.NET, ASP, PHP, J2EE, JSP)