[Owasp-boston] job opening

Weiler, Jim Jim.Weiler at Staples.com
Thu Feb 24 14:24:36 EST 2005

Below is an application security job posting I received and am forwarding to
the group - let me know if you have an opinion about whether this is a
correct or incorrect use for this email list.
US-WA-Seattle  Senior Application Security Consultant:

Job Location:  Seattle - Telecommuting Negotiable

IOActive, Inc.(tm), founded in 1998, is the leading provider of vanguard
computer security services.

IOActive delivers world-class computer security consulting services to our
enterprise customers.  Known as an employer of choice for innovative minds,
IOActive is consistently on the cutting edge of the computer security

Our professional service division is the leader in helping clients manage
risk from policy creation to network level implementation.  We help clients
understand what their threat exposure currently is and the best plan of
attack to mitigate that exposure while minimizing their overall cost.  Job
one is total customer satisfaction and cost value recognition.

Through IOActive's elite team of seasoned professionals, active community
involvement, entrepreneurial attitude, and pro-active approach we are
willing to bet you'll wonder why you ever worked anywhere else.  If you are
looking for a place to advance your career where the only obstacle to growth
is your own determination to succeed, contact us today!

Demonstrated Abilities:

*	.NET Code Auditing Experience
*	Ability to perform low level debugging
*	Ability to understand N Tier web architectures as it relates to
*	Knowledge of multiple languages, ( VBScript, Jscript, C#, ASP.NET )
*	Knowledge of configuration and administration of MSSQL and Oracle
*	Thorough understanding of HTTP
*	Thorough understanding of SSL and related encryption technologies
*	Apply information security principles; techniques and standards for
network operating systems
*	Assess client's online commerce readiness and provide appropriate
security assistance
*	Contribute to a strong client relationship through interactions with
client personnel
*	Understand engagement as it relates to client's business
*	Demonstrate knowledge in some areas of industry or functional
*	Contribute to engagement planning and ensuring that
products/deliverables meet contract/work plan
*	Recognize and communicate opportunities to assist clients with
additional security needs
*	Contribute to a positive team attitude

Experienced Desired:

*	OO development/design (required)
*	Web technologies (HTTP, HTML, Javascript, etc) (required)
*	Database (required)
*	Understanding of security concerns in software development
*	Basic understanding of crypto/secure protocols  (required)
*	Familiar with authentication and authorization systems  (required)
*	Strong debugging skills  (required)
*	Protocol analysis (required)

*	IT Infrastructure design and implementation experience with
networks, web, portal, or identity management
*	Security Audit
*	Attack and Penetration testing, host, network, and application
*	Vulnerability assessment; host, network, and application levels
*	Enterprise IDS Implementation and testing
*	Operating system and application hardening
*	Incident response training
*	Information security education
*	System security and controls including:

o	Attack and penetrations security
o	Firewall
o	Identity management
o	Encryption technology
o	Assessment of network vulnerability
o	Network configuration and administration
o	Virus Software
o	Security auditing techniques
o	Computer control environments
o	UNIX security
o	NT/Windows 2000

*	Prepare written reports at the engineering level, manager level, and
executive levels
*	Contribute to engagement planning and ensuring that
products/deliverables meet contract/work plan specifications
*	Contribute to a positive team attitude

Preferred technology experience with the following:

Firewall and router configurations, switches, secure network architecture,
VPNs, PKI, PMI, Portals, Cisco, PERL, python, .NET, C#, J2EE, ASP.NET,
VBScript, Jscript, C++, XML, ASM, Web Technologies

ISS, SNORT, sniffer technologies, Windows 2000/NT, Solaris, AIS, HP-UX, RHL

IPSec, SSL, SSH, VPN, Ethernet, WAP, SMPT, FTP, Frame Relay, WAN, ATM, FDDI,
DSL, ISDN, HP Openview, Sun NetManage, Cisco Works, Radius, Big Brother, F5

To be considered for this position the following are essential:

BS in information technology or related filed, PDF preferred
Minimum 4 years of formal computer programming
CISSP, CCNA and/or CISA certification a plus
GSEC certification a plus
Minimum of 3 years related programming experience
Prior Big 5 consulting experience preferred
Excellent verbal and written communication
Industry Experience in financial-services, health-services, high-tech
Willingness to travel

All qualified candidates please forward your resume and cover letter to
careers at ioactive.com .  For more information about IOActive, visit our web
site at http://www.ioactive.com

IOActive is an equal opportunity company.  We recruit, employ train,
compensate, and promote without regard to race, religion, creed, color,
national origin, age, gender, sexual orientation, martial status,
disability, veteran status or any other basis protected by applicable
federal, state or local law.

Joshua J. Pennell
President and CEO
IOActive, Inc.
(206) 784-4313 ext. 51
joshua.pennell at ioactive.com
Comprehensive Computer Security Services

Jim Weiler
Staples North American Application Services
Application Architect
508 2533884

More information about the Owasp-boston mailing list