ASM Research, An Accenture Federal Services Company
Operation Security Engineer II
ASM Research, An Accenture Federal Services Company, Little Rock, Arkansas, United States, 72208
Overview
Evaluates application security in all phases of the software development life cycle. Works closely with team members to define application security best practices, performs software architecture and design reviews, and supports the identification, interpretation, and remediation of vulnerabilities across a variety of applications, programming languages, and platforms.
Responsibilities
Define application security best practices; perform software security architecture and design reviews; support the identification, interpretation, and remediation of vulnerabilities across applications, languages, and platforms. Conduct vulnerability assessment and manual/automated code reviews. Demonstrate vulnerabilities to application owners and provide mitigation recommendations. Experience with SAST, DAST, and OSA tools; perform penetration tests and manual/automated code reviews. Identify appsec-related tools, conduct tool analysis, and provide recommendations. Apply technical knowledge to analyze/develop, create, and implement process improvements, troubleshooting, and operational support.
Minimum Qualifications
Bachelor's degree in Computer Science, Engineering, or other engineering/technical discipline or equivalent relevant experience. 7+ years of experience as an Application Security Developer, Application Security Analyst, or equivalent.
Other Job Specific Skills
Expertise with application server technologies such as Java, .NET, Python, etc. In-depth knowledge of security technologies, single-sign-on and identity management technologies. Expertise with web system security concepts, including authentication, authorization (RBAC), encryption/hashing, SAML, and LDAP. Knowledge of web application vulnerabilities such as XSS, session hijacking, SQL injection, CSRF, OWASP Top 10, and other attack vectors. Hands-on experience with encryption, hashing, secure RNG, key derivation, digital signatures, etc. Knowledge of network-based, system-level and application-layer attacks and mitigation methods, and TCP/IP, HTTP/S, and related protocols. Experience with static code analysis tools (e.g., HP Fortify, Checkmarx); familiarity with JavaScript, NodeJS, or other scripting languages and BurpSuite or other intercepting proxy tools. Experience working with Git source code management. Solid working experience and knowledge of Unix/Linux operating systems. Experience with technologies such as Vagrant, Chef, Rake, Gradle, Jenkins; Cache DB preferred. Understanding of Agile/Scrum methodologies preferred.
Compensation
Compensation ranges for ASM Research positions vary depending on factors including location, skill set, education, certifications, client requirements, contract affordability, government clearance, and years of experience. This compensation is a general guideline and is one component of ASM's overall compensation and benefits package.
EEO and Compliance
It is the policy of ASM that race, color, religion, sex, disability, age, gender identity, veteran status, sexual orientation, or national origin are not considered in any personnel decisions. We affirm our commitment to these policies. All recruiting, hiring, training, and promoting for all job classifications is done without regard to these factors. All employment decisions comply with equal opportunity principles.
Physical Requirements
The physical requirements described are representative of those needed to perform the primary functions of this job. Reasonable accommodations may be made for individuals with qualifying disabilities.
Disclaimer
The preceding job description indicates the general nature and level of work performed. It is not designed to be a comprehensive inventory of all duties, responsibilities, and qualifications required.
103400-145000