Prestigious Leading Enterprise Financial Firm in downtown Chicago seeks Application Security Engineers. This role will provide leadership on how to best improve application security assessment program and take the lead performing manual application security assessments, assisting developers using static source code scanning tools such as Fortify.
- Excellent Oral and Written communications skills. We have to be able to document and communicate the findings.
- Expert level skills with UNIX or Linux
- Expert level skills with application security testing tools including Burpsuite, SQL MAP, Metasploit
Self motivated and a self starter. If you have a question, find the answer, ask somebody, figure it out, and communicate.
- Expert level skills in the Microsoft Office suite of tools
- Have a passion on application security testing. Be able to share your passion and learnings with your teammates and our customers.
- Be able to explain how to perform a manual application security assessment
- Manual review of source code (Java, C#, C++, *) for security vulnerabilities
- Dynamic assessment of HTTP and proprietary protocols
- You will participate in various points in the software development life cycle
- Participate and lead security architecture reviews
- Help development teams and QA set up static testing tools
- Perform a manual security assessment at several points of the SDLC
- Produce documentation on your manual assessments
- Create meaningful metrics on the assessments that you have performed and be able to communicate them. If we can't document and articulate the work we are doing, we aren't doing any work.
- Be able to train others on the tools and processes that you use, and be comfortable sharing your knowledge with junior level employees and interns. Its all about learning and sharing.
- Be able to present your assessments to a group. Be able to present and defend your position.
- Have an interest in continuing your education. Find classes and conferences you want to attend and tell us about them, including Black Hat and Def Con. Know where to find the information to keep yourself current and expand awareness of the exploits that are out there that we have to protect ourselves against. The security exploit world is rapidly expanding and dynamic and we need people who understand that and can keep us ahead of the curve.
Nice to have
- CISSP certification