Title: QA Engineer
Targeted Job Start Date 1/2/2013
Travel Required none
Hire Type: Contract
Overview:
Serve as a Web Application Security Engineer, specializing in security vulnerability assessments (manual/automated) of applications and systems.
Contract Length: 3 Months
Location: Beaverton, OR
T&E Provided: Yes
Responsibilities:
Review and identify areas of exposure/risk in developed and/or purchased applications.
Review application source code and stored procedures for potential vulnerabilities and exploits
Write secure application requirements for the technical specifications in order to ensure development related projects are designed holistically to provide security.
Perform White-Box and Grey-Box Web Application Security Assessments on all applications.
Assist software developers and QA/Test engineers regarding secure coding techniques.
Assist with the development of secure coding standards, policies and guidelines.
Assist with incident handling and response activities
Qualifications:
Experience (typically gained from 3-5 years) working in Information Security
Experience (typically gained from 3-5 years) working with Object Oriented and Secure Programming Techniques, preferably Java
Experience (typically gained from 1-2 years) with web programming (e.g., ASP.NET, PHP, Perl CGI, or Java)
Experience with Web Application Testing and Code analysis tools such as WebInspect, NTOSpider, AppScan, Fortify, or CodeSecure
Experience identifying security vulnerabilities from source code reviews and testing.
Experience building secure application level solutions and defining application security requirements for projects
Advanced knowledge of secure communications and encryption technologies.
Advanced knowledge of common application vulnerabilities, (e.g., XSS, SQLi, OS command injection, cookie manipulation and session hijacking).
Intermediate understanding of XML, SOAP and AJAX.
Intermediate level proficiency with SQL and Oracle databases.
Basic level proficiency with Windows and Linux operating systems
Extremely process and detail oriented
Strong written and verbal communication skills
Extremely process and detail oriented
Strong written and verbal communication skills, and familiarity with preparing documentation
Desired Education:
Bachelor’s degree preferred
Desired Certifications:
General security certifications (CISSP, CEH, OSCP, OSCE, GPEN, or CPT) highly desired but not required