Prestigious Leading Enterprise Financial Firm in downtown Chicago seeks an Application Security Engineer. The Global Information Security Application Security team is looking for an application security engineer to join our rapidly growing team. We will provide you a challenging environment and state of the art application security testing tools for you to be successful helping us improve our application security assessment processes.
We are looking for a highly motivated individual to perform HP Fortify, HP Web Inspect and NTOP administration tasks and learn how to erform manual application security, assessments, assisting developers using static source code scanning tools such as Fortify, and being able to communicate your findings to our developers and QA teams
- Experience administering Fortify (must have,). HP Web Inspect (optional), NTO (optional),
- Excellent oral and written communications skills.We have to be able to document and communicate the findings. Expert level skills with UNIX or Linux.
- Skills with application security testing tools including Burpsuite, SQL MAP Metasploit
- Self motivated and a self starter with strong communication skills
- Expert level skills in the Microsoft Office suite of tools.
- Has a passion for appljc, ation security testing. Able to share this passion and learnings with teammates and customers. Able to explain how to perform a manual application security assessment.
- Experience with manual review of source code (Java, C#, C++,') for security vulnerabilities. Experience with dynamic assessment of HTIP and proprietary protocols.
- Participate at various points in the software development life cycle. Participate in security architecture eviews
- Help development teams and QA set up static and dynamic testing tools.
- Perform administration tasks and upgrades of HP Fortify, HP Web Inspect and NTO. Perform a manual security assessment at several points of the SDLC
- Produce documentation on manual assessments
- Create meaningful metrics on the assessments that have been performed and be able to communicate them
- Train others on the tools and processes that used, and be comfortable sharing this knowledge with junior level employees and interns. Present assessments to a group.
- Attend classes and conferences, including Black Hat and Def Con, to keep yourself current and expand awareness of the exploits that are out there that we have to protect ourselves against. The security exploit world is rapidly expanding and dynamic and we need people who understand that and can keep us ahead of the curve.
Nice to have
- CISSP certification