Randstad Application Security Engineer in New York, New York

Application Security Engineer

job details:

  • location: New York, NY

  • salary: $60 - $80 per hour

  • date posted: Tuesday, March 6, 2018

  • job type: Contract

  • industry: Information Technology

  • reference: 606330

job description

Required Skillset:

  • Deep knowledge of common web application vulnerabilities identified under OWASP Top 10 (e.g. XSS, CSRF, clickjacking) and their mitigation strategies

  • Minimum 5 years of hands-on software developer experience; should be able to read and write code.

Knowledge of:

  • Dynamic Scanning

  • Evaluating external Pen Testing results - ensure results are mitigated within expected turnaround time based on risk level of items

  • Using tools like BurpSuite, OWASP ZAP and Fiddler to perform internal Pen Testing, verify the resolution of previously reported items and proactively identify issues earlier in the SDLC process

  • Using tools like Veracode and WhiteHat for dynamic scanning and working with the team to educate them on best practices to resolve reported findings

  • Static Scanning

  • Using tools like Veracode and HP Fortify at the point of software builds

  • Using tools like Dependency Checker to identify all dependencies and any CWEs (Common Weakness Enumeration)

  • Ensure secure coding standards are in place - educate team on standards and best practices - continue to grow standards over time

  • Ensure code reviews are in place and happening at the level we expect

  • Related Technologies:

  • .Net (ASP.Net / C#)

  • JavaScript

  • AngularJS

  • SQL Server / PostgreSQL

  • System security vulnerabilities and remediation techniques

  • Network and web related protocols (e.g., TCP/IP, UDP, IPsec, HTTP, HTTPS, routing protocols)

  • Security across multiple disciplines (data, database, operating system)

Work with DEV and QA teams to ensure application security principles are enforced in various stages of the SDLC process

Experience working in a security capacity with development team(s) that deliver a software-based service

Strong understanding of threat modeling and security methodologies

Familiar with protocol analysis and cryptography

Any security-related certification such as CISSP, CSSLP, CEH, GIAC preferred.