[Owasp-brazilian] Job opening: Senior IT Security Analyst - Curitiba, PR

Eduardo V. C. Neves eduardo at camargoneves.com
Fri Apr 23 17:21:07 EDT 2010


The position is in Curitiba, and the employer requires knowledge of Application Security using the tools and methodologies promoted by OWASP. Information and details are available directly from the contact at HSBC CGLT.



Senior IT Security Analyst 


- Plan and coordinate security projects according to a structured process, including managing schedules and generating detailed documentation of project approach and results 
- Lead other team members and act as project manager on selected security projects 
- Perform highly technical/analytical security assessments of custom web applications, including manual penetration testing, source and configuration review. 
- Assess product release risk and complexity and identify potential misuse scenarios through review of business requirements and design specifications 
- Own tracking, remediation, and risk acceptance for identified security vulnerabilities. 
- Coordinate efforts of various external teams in planning, test execution and vulnerability mitigation 
- Develop in-house solutions, when necessary, e.g. for issue tracking or metrics 
- Clearly and professionally document root cause and risk analysis of all findings 
- Develop understanding of business functionality and apply testing methodology as appropriate to technologies and risks 
- Code and demonstrate basic proof-of-concept exploits of vulnerabilities 
- Advise on vulnerability remediation, control implementation and secure development practices 
- Ensure that company security policies are implemented, enforced, and enhanced when appropriate 
- Adhere strictly to compliance and operational risk controls in accordance with company and regulatory standards, policies and practices; report control weaknesses, compliance breaches and operational loss events
- Lead/participate in team discussions to formulate new or enhance existing processes and standards 
- Lead the evaluation of new security technologies 
- Monitor security industry information sources and keep abreast of events, research, and developments 
- Configure and employ security testing software and apply results to security analysis 
- Lead security incident response activities 
- Complete other responsibilities, as assigned.

REQUIREMENTS (experience, required skills)

Must have: 

- Extensive understanding of Application Security 
- Direct, hands-on experience in application penetration testing or application security design and implementation 
- Strong, demonstrable aptitude for and interest in information security and application security 

Other requirements 

- Proven leadership skills, including strong initiative, consensus-building and ability to collaborate directly with a variety of clients (business, development, compliance, etc.) 
- Strong written communication (writing sample to be requested) 
- Polished and professional verbal communication skills, experienced facilitator and briefer 
- Ability to adapt and apply application security expertise to new scenarios and technologies 
- Broad awareness of security analysis tools and techniques, security products 
- Good understanding of web-based application architectures (J2EE, Portal) 
- Good understanding of SQL and common database platforms 
- Working knowledge of network/internet security 
- Demonstrated ability to lead and manage projects 

Preferred qualifications: 

- Source code review from a security perspective (Java and JavaScript)
- Knowledge of Unix-based platforms, HTTP, application and network security technologies 


- Fluent or Advanced English language skills 


Sergio L Filho, PMP 
Email. sergio.l.filho at hsbcglt.com.br 