[Owasp-portuguese] Fwd: [Owasp-brazilian] Vaga Senior IT Security Analyst - Curitiba, PR

Carlos Serrao carlos.serrao at iscte.pt
Fri Apr 23 19:04:06 EDT 2010

Aqui fica uma oportunidade no Brasil!

Begin forwarded message:

> From: "Eduardo V. C. Neves" <eduardo at camargoneves.com>
> Date: 23 de Abril de 2010 22:21:07 WEST
> To: owasp-brazilian at lists.owasp.org
> Subject: [Owasp-brazilian] Vaga Senior IT Security Analyst - Curitiba, PR
> Pessoal,
> A vaga é para Curitiba e o empregador exige conhecimento de Segurança em Aplicação com uso de ferramentas e metodologias promovidas pelo OWASP. Informações e detalhes diretamente com o contato no HSBC CGLT.
> Abraço,
> Eduardo
> Senior IT Security Analyst 
> - Plan and coordinate security projects according to a structured process, including managing schedules and generating detailed documentation of project approach and results 
> - Lead other team members and act as project manager on selected security projects 
> - Perform highly technical/analytical security assessments of custom web applications, including manual penetration testing, source and configuration review. 
> - Assess product release risk and complexity and identify potential misuse scenarios through review of business requirements and design specifications 
> - Own tracking, remediation, and risk acceptance for identified security vulnerabilities. 
> - Coordinate efforts of various external teams in planning, test execution and vulnerability mitigation 
> - Develop in-house solutions, when necessary, e.g. for issue tracking or metrics 
> - Clearly and professionally document root cause and risk analysis of all findings 
> - Develop understanding of business functionality and apply testing methodology as appropriate to technologies and risks 
> - Code and demonstrate basic proof-of-concept exploits of vulnerabilities 
> - Advise on vulnerability remediation, control implementation and secure development practices 
> - Ensure that company security policies are implemented, enforced, and enhanced when appropriate 
> - Adhere strictly to compliance and operational risk controls in accordance with company and regulatory standards, policies and practices; report control weaknesses, compliance breaches and - operational loss events 
> - Lead/participate in team discussions to formulate new or enhance existing processes and standards 
> - Lead the evaluation of new security technologies 
> - Monitor security industry information sources and keep abreast of events, research, and developments 
> - Configure and employ security testing software and apply results to security analysis 
> - Lead security incident response activities 
> - Complete other responsibilities, as assigned. 
> REQUIREMENTS (experience, required skills) 
> Must have: 
> - Extensive understanding of Application Security 
> - Direct, hands-on experience in application penetration testing or application security design and implementation 
> - Strong, demonstrable aptitude for and interest in information security and application security 
> Other requirements 
> - Proven leadership skills, including strong initiative, consensus-building and ability to collaborate directly with a variety of clients (business, development, compliance, etc.) 
> - Strong written communication (writing sample to be requested) 
> - Polished and professional verbal communication skills, experienced facilitator and briefer 
> - Ability to adapt and apply application security expertise to new scenarios and technologies 
> - Broad awareness of security analysis tools and techniques, security products 
> - Good understanding of web-based application architectures (J2EE, Portal) 
> - Good understanding of SQL and common database platforms 
> - Working knowledge of network/internet security 
> - Demonstrated ability to lead and manage projects 
> Preferred qualifications: 
> - Source Code review from a security perspective (Java and javascript) 
> - Knowledge of Unix-based platforms, HTTP, application and network security technologies 
> - Fluent or Advanced English language skills 
> Contato:
> Sergio L Filho, PMP 
> Email. sergio.l.filho at hsbcglt.com.br 
> _______________________________________________
> Owasp-brazilian mailing list
> Owasp-brazilian at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-brazilian

Carlos Serrão, Ph.D.
ISCTE/DCTI Assistant Professor | ADETTI/NetMuST Project and Team Manager 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-portuguese/attachments/20100424/17fcb833/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2673 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/owasp-portuguese/attachments/20100424/17fcb833/attachment.bin 

More information about the Owasp-portuguese mailing list