Hey All. My colleagues and I are starting to notice a trend in the security job market. More of our enterprise clients are asking us to find application security specialists. A great deal of effort has been focused towards infrastructure security yet the applications environment has been largely neglected. This is starting to change. If you are interested in discussing these types of opportunities, regardless of your geography, please send your resume in Word with contact information. The following is a written job description from one of my active clients. It's fairly comprehensive. The unwritten requirement for all of these jobs is that the candidate must have a strong security background and coding skills as well as a consultative nature, client facing appearance (blue hair is generally frowned on), and the ability to act as a liaison between application developers who don't "get" security and the Information Security department. If this is an area of security that you are currently involved with or would like to make a transition to, send a message. Jeff Combs ************************************** Application Security Architect/Engineer Our job reference #510 Chicago, IL $90-100K base Responsibilities: -Research new information security technologies (in the areas of application and application infrastructure components) and propose ideas for new security service development. -Plan and execute all aspects of new security service development projects including the following project phases: business case development, requirements gathering, architecture development, product/service selection and procurement, functional & QA testing, detailed technical design, technology infrastructure implementation and deployment, migration from existing services, operational process and procedure documentation, operations staff training, internal marketing material development. -Advise and consult internal clients on appropriate application of existing security services to solve their problems or enable new business opportunities. -Deliver previously developed information security services in support of client needs including: requirements gathering, technical design, service deployment and integration, migration, operational transition, end user documentation, user training. -Serve as the subject matter expert on a number of production security technologies and fulfill corresponding vendor relationship and product/service acquisition, support, and maintenance contract management. -Provide 4th level (technical architecture design and vendor management issues) support for a number of production security technologies. Qualifications: In depth hands-on experience in as many of the following technologies as possible: - Development languages: C, C++, Java, UML, XML, XSLT, applied in Object Oriented (OO) n-tier application development environment. - Application frameworks and their built-in security services & API’s: Sun J2EE, MS COM+, MS .NET, OMG CORBA or others. - General application security API’s and protocols: GSS-API, MS CryptoAPI, PAM, Kerberos, DCE Security Service, SSL/TLS, SAML, S/MIME, PKCS API’s, or others. - Application Authentication & Authorization Systems: Netegrity SiteMinder, RSA ClearTrust, Entrust GetAccess, Oblix NetPoint, or others. -Cryptographic tool kits for application development: RSA BSAFE, Certicom Security Builder, or others. - Built-in security functions and services of application infrastructure components: Oracle, DB2/UDB, MS IIS, MS BizTalk Server, MS Integration Server, IBM WebSphere, iPlanet Directory, MS Active Directory, SAP R/3, Vitria BusinessWare, IBM MQSeries, MSMQ, MS Exchange, BEA WebLogic, or others. - Application layer Intrusion Detection Systems: Sanctum AppShield, or others. - PKI systems: Entrust Authority CA, RSA Keon, or others. Stellar technical writing, documentation development, process mapping, and visual communication, skills. Experience in managing several (2 to 4) concurrent large-scale enterprise wide information technology capability development projects. Excellent interpersonal and verbal communication skills. Financial services industry (Insurance, Banking, Investments) experience a plus. Contact: Jeff Combs Alta Associates, Inc. 908-806-8442 e-mail: jeffat_private Visit us at www.altaassociates.com
This archive was generated by hypermail 2b30 : Thu Apr 25 2002 - 08:33:19 PDT