Sr. Application Security Engineer
Bridge Tech
Full-time
On-site
Cherry Hills Village, Colorado, United States
Job Description
We need a resource who has experience working within a Vulnerability Management Program that understands Application Security with 5-7 years of security experience.
• Experience with any of the following commercial application scanning tools such as Acunetix, IBM's AppScan, Client's WebInspect, NTOSpider, Cenzic's Hailstorm, Burp Suite Professional
• Understanding of Web Services technologies such as XML, SOAP, and AJAX
• Understanding of various web application frameworks such as ASP.NET, J2EE, Zend
• Web Server configuration knowledge: Microsoft IIS, Apache HTTP Server, Apache Tomcat
• Experience in application level attacks, bypassing firewalls, evading intrusion detection
• Experience building automated tool sets or expanding existing toolset libraries
• Secure code review experience using automated toolsets
• Software Engineering career experience
• Following Certifications: CISSP, CEH, GWAPT, GPEN, OSCP
• Thorough understanding of software vulnerabilities
• Knowledge of OWASP Top 10, SANS Top 25, CWE, WASC
• Ability to demonstrate understanding of vulnerability remediation
• Familiarity with malicious code identification and common hacker attack techniques
• Ability to research and reproduce vulnerability exploitation
• Understanding of advanced cryptographic concepts.
• Ability to demonstrate manual testing experience including all of OWASP Top 10.
• Experience with any of the following commercial application scanning tools such as Acunetix, IBM's AppScan, Client's WebInspect, NTOSpider, Cenzic's Hailstorm, Burp Suite Professional
• Understanding of Web Services technologies such as XML, SOAP, and AJAX
• Understanding of various web application frameworks such as ASP.NET, J2EE, Zend
• Web Server configuration knowledge: Microsoft IIS, Apache HTTP Server, Apache Tomcat
• Experience in application level attacks, bypassing firewalls, evading intrusion detection
• Experience building automated tool sets or expanding existing toolset libraries
• Secure code review experience using automated toolsets
• Software Engineering career experience
• Following Certifications: CISSP, CEH, GWAPT, GPEN, OSCP
• Thorough understanding of software vulnerabilities
• Knowledge of OWASP Top 10, SANS Top 25, CWE, WASC
• Ability to demonstrate understanding of vulnerability remediation
• Familiarity with malicious code identification and common hacker attack techniques
• Ability to research and reproduce vulnerability exploitation
• Understanding of advanced cryptographic concepts.
• Ability to demonstrate manual testing experience including all of OWASP Top 10.
Qualifications
Skills Required
• Excellent problem solving and analytical skills
• Superior oral and technical writing communication skills
• Independence, self-managed, and motivated
• Knowledge of the Software Development Lifecycle in an enterprise environment
• Programming experience in two of the following languages: C#, Java, Python, Ruby
• Excellent problem solving and analytical skills
• Superior oral and technical writing communication skills
• Independence, self-managed, and motivated
• Knowledge of the Software Development Lifecycle in an enterprise environment
• Programming experience in two of the following languages: C#, Java, Python, Ruby
Additional Information
All your information will be kept confidential according to EEO guidelines.