[Owasp-salt_lake] Opportunity: Application or Network Security Consultant - Accuvant Labs

Dmitry dmitry.dessiatnikov at gmail.com
Fri Oct 7 11:52:21 EDT 2011


Hope to see all of you at our meeting next week.

The company I work for is hiring security consultants. If you are interested
simply send me your resume and contact information to
dmitry.dessiatnikov at gmail.com. Here is a little bit about the company and
the openings:

Accuvant LABS is a multi-disciplined consulting team with focus areas on
network penetration, malware analysis, vulnerability research, hardware
testing, operating system, mobile device, and application testing. The
Application Security group focuses on mobile and web application testing,
and generally anything in Java, .Net, PHP, RoR or Web/Mobile frameworks. Our
Research Consulting team focuses on C/C++ applications, device firmware,
operating systems security, and mobile hardware platforms. The Enterprise
group is based on advanced network penetration and internal assessments,
while the Malware and Research Scientist team focus on exploitation analysis
and development of new threat classes.


We are also hiring Senior and Principal-level Application Security
Consultants which is determined by your experience and prior
accomplishments. We expect a senior-level individual to have at least four
years in a directly related role, and principal consultants must have more than
six years in application security consulting with an excellent record of
career achievement. Currently we are looking for AppSec Consultants in
specific locales, primarily in Seattle, Chicago and the SF Bay, but given as
the majority of work is remote we would like to talk to you regardless of
where you call home. LABS maintains an international client base which
allows us to locate consultants across the country and around the globe.
However, if you would be willing to relocate to one of our preferred US
locales we do offer relocation assistance.

Skills we expect:

Able to demonstrate a comprehensive application testing methodology. This
means that you can go off a work plan that covers A-Z in terms of potential
issues. This can be a problem for people that are used to run tool->get
results or hunt and peck style testing.

Gray box application testing. Our normal app assessment approach is a
full-knowledge gray box style where we have access to docs, source, a
functioning app, and control of the environment. We do also perform straight
code reviews or black box testing and all consultants need to be comfortable
with both. Basically you need to be able to take advantage of those resources,
when present, and not be hamstrung when they are not available.

Code review and static analysis. You should know how to approach a large
code review and be experienced with current static analysis tools. You
should be able to look at a codebase and prioritize code for top-down as
well as create signatures for components that aren't covered with the base
toolset.

Mobile application testing. You should understand the threat classes for
mobile apps and preferably have performed assessments of mobile applications
on the iOS, WinPhone, and Android platforms.

Threat Modeling and SDL processes, as per the MS guidelines.

Development experience in some of these areas: .Net (C#/VB.Net), Java, Ruby,
PHP, Python, along with common dev frameworks that are derived from that
list. We don't expect people to be experts in every area but you will have
to demonstrate expertise in a few so that we can fit you with the
appropriate projects.

We don't have an official scripting language, but the team generally tends
to work in Ruby or Python for project tools.

Consulting skills. This is a consulting position, which means you will have
to talk to people at some point and wear a nice shirt once in a while. We
understand that security folks can be weird at times and we generally like
weird at LABS but you have to be able to rein it in when working with the
clients.

Come talk to me at the meeting next week if you have any further questions.

-- 
Thanks,

Dmitry Dessiatnikov