[Owasp-denver] Lead Application Security Engineer opening...

Michelle Rasmussen Micheller at ecollege.com
Fri Apr 11 11:38:43 EDT 2008


Hello-

 

I'm looking for a Lead Application Security Engineer and wondered if you
could post the description on your site?  Below is the job description.
Please let me know if you need anything else.

 

TIA

~Michelle

 

For the past 11 years, eCollege has been improving educational delivery
methods by providing enterprise eLearning solutions with innovative
technology and high-touch services. eCollege provides an on demand, or
Software as a Service (SaaS) learning platform to growing colleges,
universities and educational institutions across the globe. eCollege has
been recognized as a proven leader in the use of educational technology.
Our Course Management System (CMS) was ranked first in customer
satisfaction in 2007 in independent research conducted by the IMS Global
Learning Consortium.

According to leading IT researchers, more than 40% of all software will
be deployed with on demand, or Software as a Service (SaaS) models by
2012. If you want to make a contribution to the future of learning and
prefer an open-minded approach to work, join the eCollege team! As a
Pearson company, eCollege offers competitive benefits in a challenging
work environment, steeped in a supporting IT culture.

Pearson Education is an Equal Opportunity Employer EOE/M/F/V/D.

 

SUMMARY 

The Lead Application Security Engineer is responsible for implementing
and enforcing application security policy.  The incumbent is also
responsible for developer training, advocacy of secure development
practices, penetration testing, secure design reviews, secure code
reviews, and security incident response.

 

DUTIES AND RESPONSIBILITIES

* Architect and manage a process to scan code for security vulnerabilities and coordinate remediation efforts;

* Manage penetration testing processes and vulnerability assessments of systems in order to identify system vulnerabilities;

* Identifying security risks in the software architecture, design, and implementation processes;

* Mentor developers and architects on secure development practices

* Work closely with the Application Security Officer, Application Security Engineers, and other security stakeholders on identifying and remediating security risks

* Will be involved with the following: Input Validation (SQL Injection, Cross Site Scripting, Buffer Overflows etc), User Authentication; Authorization; Cryptography; Cryptographic Algorithms and Associated Parameters; Digest Algorithms; Cryptographic Keys Protection; Cryptographic Protocols and Associated Parameters; Non-repudiation, Application Firewalling, Automated Penetration Testing, Automated Software Inspection, multiple models of Federated Authentication, privacy policy, General Authentication and Auditing; Output Validation; Credential Trust models; Password policy; Password Transmission and Storage; Avoidance of information disclosure; Defense in Depth

* Configure, monitor and tune automated testing services

* Work closely with CSO, ASO, & ISO to implement security policies;

* Create white box & black box penetration test plans and conduct penetration testing in sandbox environments;

* Mentor other security personnel

* Compiles, generates, and maintains weekly activity report;

* Conducts research and develops new technologies for client applications;

* Other duties as assigned.

 

MANAGERIAL RESPONSIBILITIES Includes people, process or functions.

Mentoring of developers and security personnel; there is no direct
personnel management responsibility. Management of multiple Application
Security processes.

   

EDUCATION and/or EXPERIENCE 

High school diploma or equivalent required, Bachelor's degree in
Computer Science, IT, MIS, or Electrical Engineering preferred.  Five
(5) plus years experience working in an internet environment with senior
level coding experience; or equivalent education and experience to
successfully perform the essential duties of the job.

 


KNOWLEDGE, SKILLS AND ABILITIES 


* Knowledge of C#, Java, IIS and Apache

* Strong understanding of Application Security topics

* Familiarity with Security Standards and groups (OWASP, WASC, FISMA)

* Deep knowledge of security vulnerability types and mitigation strategies

* Demonstrated conceptual, analytical and innovative problem-solving and evaluation skills

* Understanding of 3-tier architecture and the functional components of each layer

* Ability to conduct independent research and analysis in the event of a security breach

* Significant experience with manual penetration testing

* Experience with automated blackbox penetration testing tools

* Experience conducting secure code reviews

* Ability to perform multiple tasks concurrently

* Excellent customer service, communication (written and verbal), and interpersonal skills

* Continually seeks opportunities to expand knowledge of emerging technologies.

* Excellent organizational and time management skills

* Ability to analyze complex problems and develop creative solutions

* Ability to make timely and sound decisions

* Ability to work efficiently in a fast paced environment

* Ability to work on a team and independently

* Ability to mentor and train

 

NOTE: This position is subject to a background check and verification of
experience

 

CERTIFICATES, LICENSES, REGISTRATIONS

OWASP / BlackHat / DefCon attendees / presenters preferred

 

PHYSICAL DEMANDS and WORK ENVIRONMENT

The physical demands described here are representative of those that
must be met by an employee to successfully perform the essential
functions of this job. Reasonable accommodations may be made to enable
individuals with disabilities to perform the essential functions.

 

This position is located within an office environment and consists of
sitting at a computer in a cubicle setting 90% of the time.

 

To apply, please visit us at www.eCollege.com or contact Michelle
Rasmussen at 303.632.1072 with any questions.

 

 

Michelle Rasmussen

Recruiter

micheller at ecollege.com

 

303.632.1072  |  303.484.3388 fax

4900 South Monaco St., Suite 200 Denver, CO  80237

eCollege - INNOVATIVE eLearning. PROVEN Success.

 

Interested in employment opportunities with eCollege, please review
openings and apply online at www.eCollege.com <http://www.ecollege.com/>


 

BE GREEN

 
