Application Security Engineer

Location: Des Peres, MO
Date Posted: 12-07-2012
Number of positions: 1
Duration: 6M C2H, Direct
Job Location: Des Peres
Our internal job number: 10845
Sr. Application Security Engineer
The main purpose of this position is to work in a team environment to identify vulnerabilities in our complex software architecture.  The engineer will be responsible for participating in the design, performing security code reviews and conducting application security tests against a wide variety of applications.  This position will be responsible for taking the lead on team initiatives and mentoring other engineers.
·         Review and identify areas of exposure/risk in developed and/or purchased applications.
·         Review application source code and stored procedures for potential vulnerabilities and exploits.
·         Write secure application requirements for the technical specifications in order to ensure development related projects are designed holistically to provide security.
·         Perform White-Box and Black-Box Web Application Security Assessments on all applications.
·         Mentor software developers and application security engineers regarding secure coding techniques.
·         Assist with the development of secure coding standards, policies and guidelines.
·         Assist with incident handling and response activities.
Knowledge, Skills and Abilities:
·         Strong work ethic and the ability to multi-task effectively in a fast-paced support environment.
·         Ability to identify security vulnerabilities from source code reviews and testing.
·         Ability to build secure application level solutions.
·         Ability to define application security requirements for projects.
·         Advanced knowledge of Object Oriented and Secure Programming Techniques, preferably in one or more of the following languages:  Java, C#, ASP.NET.
·         Advanced knowledge of secure communications and encryption technologies.
·         Advanced experience with at least one common compiled language (e.g., C, C++, Java, or C#) and one scripting language (e.g., Perl, Python, or Java).
·         Advanced knowledge of common application vulnerabilities (e.g., XSS, SQLi, OS command injection, cookie manipulation and session hijacking).
·         Intermediate understanding of XML, SOAP and AJAX.
·         Intermediate web programming experience (e.g., ASP.NET, PHP, Perl CGI, or Java).
·         Intermediate level proficiency with SQL and Oracle databases.
·         Basic understanding of the layers of the OSI model.
·         Intermediate level proficiency with Microsoft Word, Excel, Project, PowerPoint, Visio and Outlook.
·         Basic level proficiency with Windows and Linux operating systems.
Education and Experience:
·         Bachelor’s degree in MIS, Computer Science, Information Security, or related field, or equivalent combination of education and experience required.
·         4+ years information security or 8+ years application development experience required.
·         3+ years application development experience in C/C++, .Net, Java, or J2EE required.
·         3+ years experience performing application security tests against web sites or web applications required.
·         Ability to speak, read, and type in English and Chinese (Mandarin and/or Cantonese) preferred.
Best Regards,
Tom Allen
Tech Connect
(w) 417-230-5498
(c) 417-230-5498