Application Security Consultant

Job Title:Application Security Consultant

Location:US-IL-Chicago

Targeted Start10/1/2012

Travel Requiredno

Overview:

Application Security Consultant will act as in internal consultant to development teams and will perform daily, hands-on, software security assessment and remediation activities as part of the application security program.

Responsibilities:

Perform software security activities within the defined application security program including; application vulnerability testing and analysis, code review, use of common tools, written and verbal articulation of remediation recommendations and follow up. Advise development teams on application security controls, methods, and remediations. Perform activities such as:

Application Security Testing

Protocol Analysis

Reverse engineering Java and .NET development

Qualifications:

Essential experience (typically gained from 3-5 years) working with and applying best-practices in corporate application security programs and providing advise for development teams inclusive of:

Secure coding practices, and application vulnerability assessment and penetration testing methodologies

Development background in Java and .NET

Very strong written and verbal communications skills

Writing technical reports based on findings and assist in the remediation progress working with development and security teams.

Understanding of web architecture and protocols (HTTP(S), TCP/IP, ARP, SMTP, DNS, etc).

Understanding of common software security issues and remediation techniques (OWASP top 10, SANS top 25, etc.)

Essential experience (typically gained from 1-2 years) working with common tools in application security inclusive of:

Application vulnerability scanning using tools such as App Scan, NTO Spider, Web Inspect

Static analysis and code review tools such as Ounce, Fortify, App Scan Source Edition

Desired Certifications:

Certified Secure Software Lifecycle Professional (CSSLP) preferred