[Owasp-chicago] Employment Opportunity

Mark Anderson manderson at w3r.com
Wed Jun 24 14:10:06 EDT 2009


My name is Mark Anderson and I work with w3r Consulting.  I am contacting you about an opportunity I have right now in the Detroit area.  It is a contract opportunity with a major Healthcare Provider in the area.  They are looking for a Security Testing Resource who can help develop Testing Strategies for the OWASP top ten list.

If you are interested in hearing the details of the opportunity please contact me.

Thanks for your time.

Below is a brief description of the opportunity.


Candidate will be responsible for planning, designing and executing security test efforts for OWASP top 10 issues. The candidate will be actively involved in manual and automated security testing. In addition, the candidate will be involved in the review of business requirements, test cases, and other project artifacts.


*        Coordinate system testing with appropriate project personnel and other program elements conducting security testing.
*        Develop Security testing strategies and manual test cases for OWASP top 10 issues.
*        Review requirements and security risk documents, and define security scenarios.
*        Writes test plans for all levels of testing. Maintains records of test progress, documents test results, prepares reports and presents results as appropriate.
*        Create, design, and implement test plans around testing the security of the systems, processes and their environment. Testing includes using security tools and automated test tools.
*        Conduct hands-on security testing, analyze test results, document risk, and recommend countermeasures
*        Develop, assemble, and submit testing results reports that document testing activity and results.
*        Support Test Lead by identifying risks and developing mitigation strategies.
*        Analyze and compile security testing results.
*        Perform the above duties using vulnerability assessment tools such as Nessus, AppDetective, WebInspect, AppScan, and Fortify.
*        Work collaboratively with and share knowledge of security testing with team members.

Required Experience

*        3 - 5 years experience in performing integration, system, regression, UAT and security testing.
*        3 - 5 years of experience in planning and implementing security test efforts.
*        3 - 5 years of experience with manual security testing.
*        2 - 3 years of experience with AppScan.
*        2 - 3 years of experience with Fortify PTA.
*        Basic understanding of Security concepts (CIA Confidentiality, Integrity, Availability)
*        Practical knowledge and experience with OWASP top ten issues
*        Excellent written and verbal communication skills.
*        Strong interpersonal skills and ability to work well in a team.
*        Self-motivated with ability to work with minimal supervision.
*        Ability to plan and manage time based on schedules.
*        Problem solving skills.

Preferred Experience

*        2 -4 years experience as a Security Test Lead
*        2 - 4 years experience with Web-based testing methodologies.
*        Experience working with iterative development methodologies
*        Performs highly complex analysis and testing in the following areas:  integration, systems, security, and interoperability.
*        Designs, develops, implements and maintains test processes and diagnostic programs for the most complex system testing.
*        Provides leadership and work guidance to less experienced personnel.
*        CISSP or CISA Certification


*        BA in MIS, Computer Science, or related field from a recognized college or university or equivalent work experience.


Mark Anderson
w3r Consulting

Powering Technology - Empowering People

"Celebrating 14 Years of Excellence"
Office: 248-358-1002 ext: 259
Fax: 248-358-1005
Toll Free: 866-585-4100

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-chicago/attachments/20090624/4ba1c3f6/attachment-0001.html 

More information about the Owasp-chicago mailing list