[Owasp-denver] Lead Application Security Engineer opening...
Micheller at ecollege.com
Fri Apr 11 11:38:43 EDT 2008
I'm looking for a Lead Application Security Engineer and wondered if you
could post the description on your site? Below is the job description.
Please let me know if you need anything else.
For the past 11 years, eCollege has been improving educational delivery
methods by providing enterprise eLearning solutions with innovative
technology and high-touch services. eCollege provides an on demand, or
Software as a Service (SaaS) learning platform to growing colleges,
universities and educational institutions across the globe. eCollege has
been recognized as a proven leader in the use of educational technology.
Our Course Management System (CMS) was ranked first in customer
satisfaction in 2007 in independent research conducted by the IMS Global
According to leading IT researchers, more than 40% of all software will
be deployed with on demand, or Software as a Service (SaaS) models by
2012. If you want to make a contribution to the future of learning and
prefer an open-minded approach to work, join the eCollege team! As a
Pearson company, eCollege offers competitive benefits in a challenging
work environment, steeped in a supporting IT culture.
Pearson Education is an Equal Opportunity Employer EOE/M/F/V/D.
The Lead Application Security Engineer is responsible for implementing
and enforcing application security policy. The incumbent is also
responsible for developer training, advocacy of secure development
practices, penetration testing, secure design reviews, secure code
reviews, and security incident response.
DUTIES AND RESPONSIBILITIES
* Architect and manage a process to scan code for security
vulnerabilities and coordinate remediation efforts;
* Manage penetration testing processes and vulnerability
assessments of systems in order to identify system vulnerabilities;
* Identifying security risks in the software architecture,
design, and implementation processes;
* Mentor developers and architects on secure development
* Work closely with the Application Security Officer,
Application Security Engineers, and other security stakeholders on
identifying and remediating security risks
* Will be involved with the following: Input Validation (SQL
Injection, Cross Site Scripting, Buffer Overflows, etc.), User
Authentication; Authorization; Cryptography; Cryptographic Algorithms
and Associated Parameters; Digest Algorithms; Cryptographic Keys
Protection; Cryptographic Protocols and Associated Parameters;
Non-repudiation, Application Firewalling, Automated Penetration Testing,
Automated Software Inspection, multiple models of Federated
Output Validation; Credential Trust models; Password policy; Password
Transmission and Storage; Avoidance of information disclosure; Defense
* Configure, monitor and tune automated testing services
* Work closely with CSO, ASO, & ISO to implement security
* Create white box & black box penetration test plans and
conduct penetration testing in sandbox environments;
* Mentor other security personnel
* Compiles, generates, and maintains weekly activity report;
* Conducts research and develops new technologies for client
* Other duties as assigned.
MANAGERIAL RESPONSIBILITIES
Includes people, process or functions.
Mentoring of developers and security personnel; there is no direct
personnel management responsibility. Management of multiple Application
EDUCATION and/or EXPERIENCE
High school diploma or equivalent required, Bachelor's degree in
Computer Science, IT, MIS, or Electrical Engineering preferred. Five
(5) plus years experience working in an internet environment with senior
level coding experience; or equivalent education and experience to
successfully perform the essential duties of the job.
KNOWLEDGE, SKILLS AND ABILITIES
* Knowledge of C#, Java, IIS and Apache
* Strong understanding of Application Security topics
* Familiarity with Security Standards and groups (OWASP, WASC,
* Deep knowledge of security vulnerability types and mitigation
* Demonstrated conceptual, analytical and innovative
problem-solving and evaluation skills
* Understanding of 3-tier architecture and the functional
components of each layer
* Ability to conduct independent research and analysis in the
event of a security breach
* Significant experience with manual penetration testing
* Experience with automated blackbox penetration testing tools
* Experience conducting secure code reviews
* Ability to perform multiple tasks concurrently
* Excellent customer service, communication (written and
verbal), and interpersonal skills
* Continually seeks opportunities to expand knowledge of
* Excellent organizational and time management skills
* Ability to analyze complex problems and develop creative
* Ability to make timely and sound decisions
* Ability to work efficiently in a fast-paced environment
* Ability to work on a team and independently
* Ability to mentor and train
NOTE: This position is subject to a background check and verification of
CERTIFICATES, LICENSES, REGISTRATIONS
OWASP / BlackHat / DefCon attendees / presenters preferred
PHYSICAL DEMANDS and WORK ENVIRONMENT
The physical demands described
here are representative of those that must be met by an employee to
successfully perform the essential functions of this job. Reasonable
accommodations may be made to enable individuals with disabilities to
perform the essential functions.
This position is located within an office environment and consists of
sitting at a computer in a cubicle setting 90% of the time.
To apply, please visit us at www.eCollege.com or contact Michelle
Rasmussen at 303.632.1072 with any questions.
micheller at ecollege.com
303.632.1072 | 303.484.3388 fax
4900 South Monaco St., Suite 200 Denver, CO 80237
eCollege - INNOVATIVE eLearning. PROVEN Success.
Interested in employment opportunities with eCollege, please review
openings and apply online at www.eCollege.com <http://www.ecollege.com/>