ASM Research, An Accenture Federal Services Company
Operation Security Engineer II
ASM Research, An Accenture Federal Services Company, Dover, Delaware, United States, 19904
Overview
Evaluates application security in all phases of the software development life cycle. Works closely with team members to define application security best practices, performs software architecture and design reviews, and supports the identification, interpretation, and remediation of vulnerabilities across a variety of applications, programming languages, and platforms. Responsibilities
Conduct vulnerability assessment and manual/automated code reviews Perform software security architecture and design reviews Support identification, interpretation, and remediation of vulnerabilities across various applications, programming languages and platforms Demonstrate vulnerabilities to application owners and provide mitigation recommendations Apply technical knowledge to analyze/develop, create, and implement process improvements, troubleshooting, and operational support Identify AppSec related tools and conduct analysis; provide recommendations Liaison between development teams and stakeholders to understand and formulate security requirements Define, maintain, and enforce application security best practices Experience with SAST, DAST, and OSA tools Performs and conducts penetration tests and manual/automated code reviews Experience with programming languages such as Java, .NET, C#, etc. Knowledge of Secure Coding practices and OWASP Top 10, SANS 25, CVE, etc. Identify AppSec tools and conduct analysis; provide recommendations Minimum Qualifications
Bachelors Degree in Computer Science, Engineering, or other technical discipline or equivalent relevant experience. 7+ years of experience as an Application Security Developer, Application Security Analyst, or equivalent. Other Job Specific Skills
Expertise with application server technologies such as Java, .Net, Python, etc. In-depth knowledge of security technologies, single-sign-on and identity management technologies Expertise with web system security concepts, including authentication, authorization (RBAC), encryption/hashing, SAML, and LDAP Knowledge of web application vulnerabilities such as XSS, session hijacking, SQL injection, CSRF, OWASP Top 10, and other attack vectors Hands-on experience with encryption, hashing, secure RNG, key derivation, digital signatures Knowledge of network, system, and application layer attacks and mitigation methods; TCP/IP, HTTP/S, and related protocols Experience with static code analysis tools including HP Fortify, Checkmarx; familiarity with JavaScript, NodeJS, or other scripting languages and BurpSuite or intercepting proxy tools Experience working with GIT Solid working knowledge of Unix/Linux Experience with technologies such as Vagrant, Chef, Rake, Gradle, Jenkins; Cache DB preferred Understanding of Agile/Scrum methodologies Compensation Ranges
Compensation ranges for ASM Research positions vary depending on multiple factors, including location, skill set, education, certifications, client requirements, contract-specific affordability, government clearance and investigation level, and years of experience. The compensation displayed for this role is a general guideline and is unique to each role. Monetary compensation is one component of ASM's overall compensation and benefits package for employees. EEO Requirements
It is the policy of ASM that an individual's race, color, religion, sex, disability, age, sexual orientation or national origin are not and will not be considered in any personnel or management decisions. We affirm our commitment to these fundamental policies. All recruiting, hiring, training, and promoting for all job classifications is done without regard to race, color, religion, sex, veteran status, disability, gender identity, or age. All decisions on employment are made to abide by the principle of equal employment. Disclaimer
The preceding job description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to this job. #J-18808-Ljbffr
Evaluates application security in all phases of the software development life cycle. Works closely with team members to define application security best practices, performs software architecture and design reviews, and supports the identification, interpretation, and remediation of vulnerabilities across a variety of applications, programming languages, and platforms. Responsibilities
Conduct vulnerability assessment and manual/automated code reviews Perform software security architecture and design reviews Support identification, interpretation, and remediation of vulnerabilities across various applications, programming languages and platforms Demonstrate vulnerabilities to application owners and provide mitigation recommendations Apply technical knowledge to analyze/develop, create, and implement process improvements, troubleshooting, and operational support Identify AppSec related tools and conduct analysis; provide recommendations Liaison between development teams and stakeholders to understand and formulate security requirements Define, maintain, and enforce application security best practices Experience with SAST, DAST, and OSA tools Performs and conducts penetration tests and manual/automated code reviews Experience with programming languages such as Java, .NET, C#, etc. Knowledge of Secure Coding practices and OWASP Top 10, SANS 25, CVE, etc. Identify AppSec tools and conduct analysis; provide recommendations Minimum Qualifications
Bachelors Degree in Computer Science, Engineering, or other technical discipline or equivalent relevant experience. 7+ years of experience as an Application Security Developer, Application Security Analyst, or equivalent. Other Job Specific Skills
Expertise with application server technologies such as Java, .Net, Python, etc. In-depth knowledge of security technologies, single-sign-on and identity management technologies Expertise with web system security concepts, including authentication, authorization (RBAC), encryption/hashing, SAML, and LDAP Knowledge of web application vulnerabilities such as XSS, session hijacking, SQL injection, CSRF, OWASP Top 10, and other attack vectors Hands-on experience with encryption, hashing, secure RNG, key derivation, digital signatures Knowledge of network, system, and application layer attacks and mitigation methods; TCP/IP, HTTP/S, and related protocols Experience with static code analysis tools including HP Fortify, Checkmarx; familiarity with JavaScript, NodeJS, or other scripting languages and BurpSuite or intercepting proxy tools Experience working with GIT Solid working knowledge of Unix/Linux Experience with technologies such as Vagrant, Chef, Rake, Gradle, Jenkins; Cache DB preferred Understanding of Agile/Scrum methodologies Compensation Ranges
Compensation ranges for ASM Research positions vary depending on multiple factors, including location, skill set, education, certifications, client requirements, contract-specific affordability, government clearance and investigation level, and years of experience. The compensation displayed for this role is a general guideline and is unique to each role. Monetary compensation is one component of ASM's overall compensation and benefits package for employees. EEO Requirements
It is the policy of ASM that an individual's race, color, religion, sex, disability, age, sexual orientation or national origin are not and will not be considered in any personnel or management decisions. We affirm our commitment to these fundamental policies. All recruiting, hiring, training, and promoting for all job classifications is done without regard to race, color, religion, sex, veteran status, disability, gender identity, or age. All decisions on employment are made to abide by the principle of equal employment. Disclaimer
The preceding job description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to this job. #J-18808-Ljbffr