The Application Security Consultant identifies technical strategies for minimizing application software vulnerabilities.

Typical activities include:

- Meeting with client's technical staff to understand the architecture of the application.
- Performing application security audits.
- Software source code reviews using automated vulnerability testing tools and manual review of code.
- Providing risk mitigation strategies.

For example, an Application Security consultant may work with a Stock Brokerage firm to ensure their online trading application written in J2EE with an Oracle backend is secure from common vulnerabilities such as buffer overruns, cross-site scripting attacks and SQL injection attacks.

Candidates should be familiar with tools that find vulnerabilities in source code such as:

- WhiteHat Arsenal 1.05
- Sanctum AppScan
- SPI Dynamics WebInspect
- ITS4
- KaVaDo ScanDo
- @stake Web Proxy

...and have attended conferences such as Black Hat, Defcon or SANS.

Occasional travel to client sites across North America required.

Successful candidate has proven experience working as an application security consultant for a firm like @stake, Foundstone, Cenzic, Accenture, CapGemini, etc.

Please note that my client also has a variety of other openings that are listed at http://nc-inc.com/securityjobs.htm

All discussions are confidential.

Thanks in advance,

Keith Allison
Executive Recruiter
Net-Consultants
keith@nc-inc.com
http://nc-inc.com

Net-Consultants is a search firm that helps companies proactively recruit the best talent. Clients include pre-IPO firms funded by VC's including Mid Atlantic Venture Funds, New Enterprise Associates and Mohr Davidow Ventures.
This archive was generated by hypermail 2b30 : Mon Oct 28 2002 - 10:37:00 PST