Lead Application Security Engineer

application security, ethical hacking, pen testing, black box testing, vulnerability assessment, Fortify
Full Time, permanent/fulltime 100k-150k + bonus
Travel not required Telecommuting not available

Job Description

Prestigious Leading Enterprise Financial Firm in downtown Chicago seeks Application Security Engineers. This role will provide leadership on how to best improve  application security assessment program and take the lead performing manual application security assessments, assisting developers using static source code scanning tools such as Fortify.

Requirements

- Excellent Oral and Written communications skills. We have to be able to document and communicate the findings.
- Expert level skills with UNIX or Linux
- Expert level skills with application security testing tools including Burpsuite, SQL MAP, Metasploit
Self motivated and a self starter. If you have a question, find the answer, ask somebody, figure it out, and communicate.
- Expert level skills in the Microsoft Office suite of tools
- Have a passion on application security testing. Be able to share your passion and learnings with your teammates and our customers.
- Be able to explain how to perform a manual application security assessment

- Manual review of source code (Java, C#, C++, *) for security vulnerabilities
- Dynamic assessment of HTTP and proprietary protocols

Job Functions

- You will participate in various points in the software development life cycle
- Participate and lead security architecture reviews
- Help development teams and QA set up static testing tools
- Perform a manual security assessment at several points of the SDLC
- Produce documentation on your manual assessments
- Create meaningful metrics on the assessments that you have performed and be able to communicate them. If we can't document and articulate the work we are doing, we aren't doing any work.
- Be able to train others on the tools and processes that you use, and be comfortable sharing your knowledge with junior level employees and interns. Its all about learning and sharing.
- Be able to present your assessments to a group. Be able to present and defend your position.
- Have an interest in continuing your education. Find classes and conferences you want to attend and tell us about them, including Black Hat and Def Con. Know where to find the information to keep yourself current and expand awareness of the exploits that are out there that we have to protect ourselves against. The security exploit world is rapidly expanding and dynamic and we need people who understand that and can keep us ahead of the curve.

Nice to have

- CISSP certification
- Fortify
- Coverity

 

Posted By

Stephanie Baker

200 East 5th Ave., Suite 116 Naperville, IL, 60563

Contact
Dice Id : napil006
Position Id : sb-appsec

Similar Positions

Systems Security Consultant
  • Evolution Services, Inc.
  • Chicago, IL
Information Security Analyst
  • Proxim Systems
  • Chicago, IL
Security Engineer - QUALYS
  • Principle Solutions Group
  • Chicago, IL
Lead Application Security Engineer
  • Request Technology, LLC
  • Chicago, IL
Information Systems Security Engineer
  • NueVista Group
  • Chicago, IL
Information Security Analyst
  • Palace Gate Corporation
  • Chicago, IL
Security Engineer
  • Resource 1
  • Chicago, IL
Security Analyst / Security Engineer - ACCUITY - Skokie IL
  • Reed Business Information
  • Skokie, IL