[Owasp-denver] Lead Application Security Engineer opening...

Michael Walter waltermi at gmail.com
Mon Apr 14 12:51:42 EDT 2008


Michelle -

It should be posted soon.

FYI - I run Arsenal Security Group and we have a number of Application
Security Resources.  Is there anything I can do to help in the short term?

I'd be happy to have a call or set up a meeting so I can let eCollege know
more about Arsenal and our Application Security department.

Thanks,

Michael

On Fri, Apr 11, 2008 at 10:46 AM, Michelle Rasmussen <Micheller at ecollege.com>
wrote:

>  Full time hire.
>
>
>
> Thanks again!
>
>
>
> *From:* Michael Walter [mailto:waltermi at gmail.com]
> *Sent:* Friday, April 11, 2008 10:45 AM
> *To:* Michelle Rasmussen
> *Cc:* owasp-denver at lists.owasp.org
> *Subject:* Re: [Owasp-denver] Lead Application Security Engineer
> opening...
>
>
>
> Michelle -
>
> I can post this description on your site.  Are you looking for a full time
> hire, part time hire, or contractor?
>
> Thanks,
>
> Michael
>
> On Fri, Apr 11, 2008 at 9:38 AM, Michelle Rasmussen <
> Micheller at ecollege.com> wrote:
>
> Hello-
>
>
>
> I'm looking for a *Lead Application Security Engineer* and wondered if you
> could post the description on your site?  Below is the job description.
> Please let me know if you need anything else.
>
>
>
> TIA
>
> ~Michelle
>
>
>
> For the past 11 years, *eCollege* has been improving educational delivery
> methods by providing enterprise eLearning solutions with innovative
> technology and high-touch services. *eCollege* provides an on demand, or
> Software as a Service (SaaS) learning platform to growing colleges,
> universities and educational institutions across the globe. *eCollege* has
> been recognized as a proven leader in the use of educational technology. Our
> Course Management System (CMS) was ranked first in customer satisfaction in
> 2007 in independent research conducted by the IMS Global Learning
> Consortium.
>
> According to leading IT researchers, more than 40% of all software will be
> deployed with on demand, or Software as a Service (SaaS) models by 2012. If
> you want to make a contribution to the future of learning and prefer an
> open-minded approach to work, join the *eCollege* team! As a Pearson
> company, *eCollege* offers competitive benefits in a challenging work
> environment, steeped in a supporting IT culture.
>
> Pearson Education is an Equal Opportunity Employer EOE/M/F/V/D.
>
>
>
> *SUMMARY*
>
> The Lead Application Security Engineer is responsible for implementing and
> enforcing application security policy.  The incumbent is also responsible
> for developer training, advocacy of secure development practices,
> penetration testing, secure design reviews, secure code reviews, and
> security incident response.
>
>
>
> *DUTIES AND RESPONSIBILITIES*
>
> ·         Architect and manage a process to scan code for security
> vulnerabilities and coordinate remediation efforts;
>
> ·         Manage penetration testing processes and vulnerability
> assessments of systems in order to identify system vulnerabilities;
>
> ·         Identifying security risks in the software architecture, design,
> and implementation processes;
>
> ·         Mentor developers and architects on secure development practices
>
> ·         Work closely with the Application Security Officer, Application
> Security Engineers, and other security stakeholders on identifying and
> remediating security risks
>
> ·         Will be involved with the following:   Input Validation (SQL
> Injection, Cross Site Scripting, Buffer Overflows etc.), User Authentication;
> Authorization; Cryptography; Cryptographic Algorithms and Associated
> Parameters; Digest Algorithms; Cryptographic Keys Protection; Cryptographic
> Protocols and Associated Parameters; Non-repudiation, Application
> Firewalling, Automated Penetration Testing, Automated Software Inspection,
> multiple models of Federated Authentication, privacy policy, General
> Authentication and Auditing; Output Validation; Credential Trust models;
> Password policy; Password Transmission and Storage; Avoidance of information
> disclosure; Defense in Depth
>
> ·         Configure, monitor and tune automated testing services
>
> ·         Work closely with CSO, ASO, & ISO to implement security
> policies;
>
> ·         Create white box & black box penetration test plans and conduct
> penetration testing in sandbox environments;
>
> ·         Mentor other security personnel
>
> ·         Compiles, generates, and maintains weekly activity report;
>
> ·         Conducts research and develops new technologies for client
> applications;
>
> ·         Other duties as assigned.
>
>
>
> *MANAGERIAL RESPONSIBILITIES* *Includes people, process or functions.*
>
> Mentoring of developers and security personnel; there is no direct
> personnel management responsibility. Management of multiple Application
> Security processes.
>
>
>
> *EDUCATION and/or EXPERIENCE*
>
> High school diploma or equivalent required, Bachelor's degree in Computer
> Science, IT, MIS, or Electrical Engineering preferred.  Five (5) plus years
> experience working in an internet environment with senior level coding
> experience; or equivalent education and experience to successfully perform
> the essential duties of the job.
>
>
> *KNOWLEDGE, SKILLS AND ABILITIES*
>
> ·         Knowledge of C#, Java, IIS and Apache
>
> ·         Strong understanding of Application Security topics
>
> ·         Familiarity with Security Standards and groups (OWASP, WASC,
> FISMA)
>
> ·         Deep knowledge of security vulnerability types and mitigation
> strategies
>
> ·         Demonstrated conceptual, analytical and innovative
> problem-solving and evaluation skills
>
> ·         Understanding of 3-tier architecture and the functional
> components of each layer
>
> ·         Ability to conduct independent research and analysis in the
> event of a security breach
>
> ·         Significant experience with manual penetration testing
>
> ·         Experience with automated blackbox penetration testing tools
>
> ·         Experience conducting secure code reviews
>
> ·         Ability to perform multiple tasks concurrently
>
> ·         Excellent customer service, communication (written and verbal),
> and interpersonal skills
>
> ·         Continually seeks opportunities to expand knowledge of emerging
> technologies.
>
> ·         Excellent organizational and time management skills
>
> ·         Ability to analyze complex problems and develop creative
> solutions
>
> ·         Ability to make timely and sound decisions
>
> ·         Ability to work efficiently in a fast paced environment
>
> ·         Ability to work on a team and independently
>
> ·         Ability to mentor and train
>
>
>
> *NOTE: This position is subject to a background check and verification of
> experience*
>
> *CERTIFICATES, LICENSES, REGISTRATIONS*
>
> OWASP / BlackHat / DefCon attendees / presenters preferred
>
>
>
> *PHYSICAL DEMANDS and WORK ENVIRONMENT*
>
> *The physical demands
> described here are representative of those that must be met by an employee
> to successfully perform the essential functions of this job. Reasonable
> accommodations may be made to enable individuals with disabilities to
> perform the essential functions.*
>
>
>
> This position is located within an office environment and consists of
> sitting at a computer in a cubicle setting 90% of the time.
>
>
>
> To apply, please visit us at www.eCollege.com or contact Michelle
> Rasmussen at 303.632.1072 with any questions.
>
>
>
>
>
> *Michelle Rasmussen*
>
> Recruiter
>
> micheller at ecollege.com
>
>
>
> 303.632.1072  |  303.484.3388 fax
>
> 4900 South Monaco St., Suite 200 Denver, CO  80237
>
> *eCollege - INNOVATIVE eLearning. PROVEN Success.*
>
>
>
> Interested in employment opportunities with eCollege, please review
> openings and apply online at www.eCollege.com <http://www.ecollege.com/>
>
> *BE GREEN*
>
>
>
>
> _______________________________________________
> OWASP-DENVER mailing list
> OWASP-DENVER at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-denver
>
>
>