[Owasp-boston] 4-6 Month secure coding/Secure SDLC contractor in Newton, MA 02459

Javed Ikbal jikbal at gmail.com
Mon May 2 11:58:42 EDT 2011


The position will have to go through one of the approved staffing
vendors for the employer. If you feel you are qualified, contact me
directly and I will connect you with the vendors.

If you are a sales-person for a consulting company that is OK, too.
Just understand that the employee will HAVE TO go through an existing
staffing vendor, with whom I have no relationship.

If you are a recruiter, same rules apply. But if you don't have a
candidate ready, you will probably be wasting your time.

jikbal .at. gmail.com
----------------------------------------

This position is focused on providing application security consulting
services, including, but not limited to vendor application review,
automated and manual run-time assessments, automated and manual code
review,

Requirements:
3+ years of experience focusing on Application Security in a Java,
JavaScript and .NET Framework.
Experience coding in at least one of the above languages
Must be able to understand 3rd-party developed JavaScript and review
it for security issues
Experience with OWASP Top10
Knowledge of SQL
Familiarity with PCI and ISO 2700x
Knowledge of threat modeling and secure SDLC
Experience performing design and application architectural reviews and
actively leading the discussions from a security standpoint.
Good communication in English, both oral and written (presentations,
technical reports and proposals).

Pluses:
General Security Certification (CISSP)
Application Security Certification (GWAS, CSSLP)
Past life as a developer
Experience working with Fortify

Duties:
Perform 3rd party application review (before and after purchase)
Work with legal team to define contract language to ensure application security
Help define new application architecture or perform design review
Code review

