[OWASP-Raleigh, NC] [JOB OPENING] Security Services opening at HP

Enders, Hans hans.enders at hp.com
Fri Jul 2 12:22:28 EDT 2010

And for those more geared towards research and evangelism, our research arm out of Atlanta is looking for people as well....


Are you a security superstar?

The HP Web Security Research Group is actively seeking fresh brains (in bodies) to work on our cutting edge web application assessment technology. Have you used HTTP methods in casual conversation, or thought about exploiting an XSS attack in a social network to make Angelina Jolie your friend? Then it's a match made in heaven (but assembled in Atlanta). We want somebody interested in discovering vulnerabilities in RIA like Silverlight and Flash, and who wants to tackle intriguing issues like JavaScript static analysis. We need an individual interested in finding the best methods for automating detection of issues like XSRF, persistent XSS, and URL rewriting. We're working on these challenges and even more, all in a fun and fast-paced environment. If you and your brain are interested, contact gabriel.braslavsky at hp.com for more information.

Hans Enders | HP Presales Consultant | +1 919-279-5189 | hans.enders at hp.com 

     "Habeas data"

-----Original Message-----
From: owasp-raleigh-bounces at lists.owasp.org [mailto:owasp-raleigh-bounces at lists.owasp.org] On Behalf Of Enders, Hans
Sent: Friday, July 02, 2010 12:15 PM
To: owasp-raleigh at lists.owasp.org
Subject: [OWASP-Raleigh, NC] [JOB OPENING] Security Services opening at HP

I work in the HP Application Security Center (formerly SPI Dynamics) and there is an opening in our Professional Services group for a pentester/installer.  The candidate can live anywhere in the U.S.  Although the description lists 75% travel, the manager indicates only 50%, and in reality they have travelled 15% this year.  I guess more clients are becoming comfortable with remote demonstrations and such.

The contact is Ryan.English at hp.com in Atlanta.  Since there is an active referral bonus program I would appreciate you mentioning me as well.

If you are a freelancer and do not want to join any corporate behemoth, Ryan is also amenable to hiring consultants for one-offs as volume dictates.  One of my buds got shipped to Australia for 4 weeks to help Stach & Liu with a HP implementation, so one just never knows!

Hans Enders | HP Presales Consultant | +1 919-279-5189 | hans.enders at hp.com 

     "Habeas data"


Title: Application Security consultant  

Job Description
HP is looking for a qualified Sr. Application Security Consultant that has deep Application Security experience.  Consultant should have experience with performing Web Application Assessments, Network Penetration Testing, and be capable of manually exploiting/validating any vulnerabilities identified.    In addition to being able to perform security testing the consultant must have strong technical writing skills, so that exploits can be properly documented.   

Job will also involve implementing HP Application Security Products (ex. AMP, WebInspect, and QAInspect). 50% of the job will be performing security assessments and the other 50% will be devoted to security product implementations.  Applicants should have experience with application security products from HP/SPI Dynamics or IBM/Watchfire.

Candidate must be willing to work with minimum supervision to accomplish customer objectives.  Network Security experience is a plus.  Candidate must be willing to travel 75% of the time.   

The following qualifications are expected from potential applicants: 
*	3 years Web Application Security experience
*	Experience with Application Security products from HP/SPI Dynamics or IBM/Watchfire
*	Strong Unix, Windows and networking security skills 
*	Degree in Computer Science, Information Systems, Engineering or related major 
*	Minimum of 5 years Information Security experience 
*	Strong communication skills (written and oral) 
*	CISSP Certified 
*	75% travel may be required

More information about the Owasp-raleigh mailing list