Application Security Engineer
Number of positions: 1
Duration: 6M C2H, Direct
Job Location: Des Peres
Our internal job number: 10845
Sr. Application Security Engineer
The main purpose of this position is to work in a team environment to identify vulnerabilities in our complex software architecture. The engineer will be responsible for participating in the design, performing security code reviews and conducting application security tests against a wide variety of applications. This position will be responsible for taking the lead on team initiatives and mentoring other engineers.
· Review and identify areas of exposure/risk in developed and/or purchased applications.
· Review application source code and stored procedures for potential vulnerabilities and exploits.
· Write secure application requirements for the technical specifications to ensure that development-related projects are designed holistically to provide security.
· Perform White-Box and Black-Box Web Application Security Assessments on all applications.
· Mentor software developers and application security engineers regarding secure coding techniques.
· Assist with the development of secure coding standards, policies and guidelines.
· Assist with incident handling and response activities.
Knowledge, Skills and Abilities:
· Strong work ethic and the ability to multi-task effectively in a fast-paced support environment.
· Ability to identify security vulnerabilities from source code reviews and testing.
· Ability to build secure application level solutions.
· Ability to define application security requirements for projects.
· Advanced knowledge of Object-Oriented and Secure Programming Techniques, preferably in one or more of the following languages: Java, C#, ASP.NET.
· Advanced knowledge of secure communications and encryption technologies.
· Advanced experience with at least one common compiled language (e.g., C, C++, Java, or C#) and one scripting language (e.g., Perl, Python, or Java).
· Advanced knowledge of common application vulnerabilities (e.g., XSS, SQLi, OS command injection, cookie manipulation and session hijacking).
· Intermediate understanding of XML, SOAP and AJAX.
· Intermediate web programming experience (e.g., ASP.NET, PHP, Perl CGI, or Java).
· Intermediate level proficiency with SQL and Oracle databases.
· Basic understanding of the layers of the OSI model.
· Intermediate level proficiency with Microsoft Word, Excel, Project, PowerPoint, Visio and Outlook.
· Basic level proficiency with Windows and Linux operating systems.
Education and Experience:
· Bachelor’s degree in MIS, Computer Science, Information Security, or related field, or equivalent combination of education and experience required.
· 4+ years information security or 8+ years application development experience required.
· 3+ years application development experience in C/C++, .Net, Java, or J2EE required.
· 3+ years experience performing application security tests against web sites or web applications required.
· Ability to speak, read, and type in English and Chinese (Mandarin and/or Cantonese) preferred.