Lead Application Security Engineer

for Request Technology, LLC in Chicago, IL

Skills: application security, ethical hacking, pen testing, black box testing, vulnerability assessment, Fortify
Location: Chicago, IL
Area Code: 312
Travel Req: none
Telecommute: no
Pay Rate: 125k-150k + bonus
Tax Term: FULLTIME
Length: permanent/fulltime
Posted: 10-30-2014
Position ID: sb-appsec
Dice ID: napil006

Prestigious Leading Enterprise Financial Firm in downtown Chicago seeks Application Security Engineers. This role will provide leadership on how best to improve the application security assessment program and take the lead in performing manual application security assessments and in assisting developers who use static source code scanning tools such as Fortify.

Requirements

- Excellent oral and written communication skills. We have to be able to document and communicate the findings.
- Expert level skills with UNIX or Linux
- Expert level skills with application security testing tools including Burp Suite, sqlmap, Metasploit
- Self-motivated and a self-starter. If you have a question, find the answer, ask somebody, figure it out, and communicate.
- Expert level skills in the Microsoft Office suite of tools
- Have a passion for application security testing. Be able to share your passion and learnings with your teammates and our customers.
- Be able to explain how to perform a manual application security assessment

- Manual review of source code (Java, C#, C++, *) for security vulnerabilities
- Dynamic assessment of HTTP and proprietary protocols

Job Functions

- You will participate in various points in the software development life cycle
- Participate and lead security architecture reviews
- Help development teams and QA set up static testing tools
- Perform a manual security assessment at several points of the SDLC
- Produce documentation on your manual assessments
- Create meaningful metrics on the assessments that you have performed and be able to communicate them. If we can't document and articulate the work we are doing, we aren't doing any work.
- Be able to train others on the tools and processes that you use, and be comfortable sharing your knowledge with junior level employees and interns. It's all about learning and sharing.
- Be able to present your assessments to a group. Be able to present and defend your position.
- Have an interest in continuing your education. Find classes and conferences you want to attend and tell us about them, including Black Hat and Def Con. Know where to find the information to keep yourself current and expand awareness of the exploits that are out there that we have to protect ourselves against. The security exploit world is rapidly expanding and dynamic and we need people who understand that and can keep us ahead of the curve.

Nice to have

- CISSP certification
- Fortify
- Coverity

 

Stephanie Baker
Request Technology, LLC
200 East 5th Ave.
Suite 116
Naperville, IL 60563
Phone: (630) 717-5865
Fax: (630) 717-1109