• 703-891-5000
  • info@targetlabs.net
  • 8300 Old courthouse road, Suite. 250, Vienna, VA - 22182

APPLICATION SECURITY CONSULTANT

09-20-2012

APPLICATION SECURITY CONSULTANT

Job Title: Application Security Consultant

Location: US-IL-Chicago

Targeted Start 10/1/2012

Travel Required no

 

Overview:

 

Application Security Consultant will act as in internal consultant to development teams and will perform daily, hands-on, software security assessment and remediation activities as part of the application security program.

 

Responsibilities:

 

Perform software security activities within the defined application security program including; application vulnerability testing and analysis, code review, use of common tools, written and verbal articulation of remediation recommendations and follow up. Advise development teams on application security controls, methods, and remediations. Perform activities such as:

    Application Security Testing

    Source Code Review

    Protocol Analysis

    Reverse engineering Java and .NET development

 

Qualifications:

 

Essential experience (typically gained from 3-5 years) working with and applying best-practices in corporate application security programs and providing advise for development teams inclusive of:

Secure coding practices, and application vulnerability assessment and penetration testing methodologies

Development background in Java and .NET

Very strong written and verbal communications skills

Writing technical reports based on findings and assist in the remediation progress working with development and security teams.

Understanding of web architecture and protocols (HTTP(S), TCP/IP, ARP, SMTP, DNS, etc).

Understanding of common software security issues and remediation techniques (OWASP top 10, SANS top 25, etc.)

 

Essential experience (typically gained from 1-2 years) working with common tools in application security inclusive of:

    Application vulnerability scanning using tools such as AppScan, NTO Spider, WebInspect

    Static analysis and code review tools such as Ounce, Fortify, AppScan Source Edition

 

Desired Certifications:

 

Certified Secure Software Lifecycle Professional (CSSLP) preferred