• 703-891-5000
• info@targetlabs.net
• 8300 Old Courthouse Road, Suite 250, Vienna, VA 22182

QA ENGINEER

01-11-2013


Title: QA Engineer

Targeted Job Start Date: 1/2/2013

Travel Required: None

Hire Type: Contract

 

Overview:

 

Serve as a Web Application Security Engineer, specializing in security vulnerability assessments (manual/automated) of applications and systems.

 

Contract Length: 3 Months

 

Location: Beaverton, OR

 

T&E Provided: Yes

 

Responsibilities:

 

Review and identify areas of exposure/risk in developed and/or purchased applications. 
Review application source code and stored procedures for potential vulnerabilities and exploits.
Write secure application requirements for the technical specifications in order to ensure development-related projects are designed holistically to provide security.
Perform White-Box and Grey-Box Web Application Security Assessments on all applications. 
Assist software developers and QA/Test engineers regarding secure coding techniques. 
Assist with the development of secure coding standards, policies and guidelines. 
Assist with incident handling and response activities.

 

Qualifications:

 

Experience (typically gained from 3-5 years) working in Information Security 
Experience (typically gained from 3-5 years) working with Object Oriented and Secure Programming Techniques, preferably Java 
Experience (typically gained from 1-2 years) with web programming (e.g., ASP.NET, PHP, Perl CGI, or Java) 
Experience with Web Application Testing and Code analysis tools such as WebInspect, NTOSpider, AppScan, Fortify, or CodeSecure 
Experience identifying security vulnerabilities from source code reviews and testing. 
Experience building secure application level solutions and defining application security requirements for projects 
Advanced knowledge of secure communications and encryption technologies. 
Advanced knowledge of common application vulnerabilities (e.g., XSS, SQLi, OS command injection, cookie manipulation and session hijacking).
Intermediate understanding of XML, SOAP and AJAX. 
Intermediate level proficiency with SQL and Oracle databases. 
Basic level proficiency with Windows and Linux operating systems 
Extremely process and detail oriented 
Strong written and verbal communication skills, and familiarity with preparing documentation

 

Desired Education:

 

Bachelor’s degree preferred

 

Desired Certifications:

 

General security certifications (CISSP, CEH, OSCP, OSCE, GPEN, or CPT) highly desired but not required