ASM Research, An Accenture Federal Services Company
Operation Security Engineer II
ASM Research, An Accenture Federal Services Company, Salem, Oregon, us, 97308
Overview
Evaluates application security in all phases of the software development life cycle. Works closely with team members to define application security best practices, performs software architecture and design reviews, and supports the identification, interpretation, and remediation of vulnerabilities across a variety of applications, programming languages, and platforms. Responsibilities
Define best practices, perform software security architecture and design reviews, and support the identification, interpretation, and remediation of vulnerabilities across various applications, programming languages and platforms. Define, maintain, and enforce application security best practices. Conduct vulnerability assessments and perform manual/automated code reviews. Demonstrate vulnerabilities to application owners and provide mitigation recommendations. Experience with SAST, DAST, and OSA tools. Perform penetration testing and manual/automated code reviews. Work with programming languages such as Java, .NET, C#, etc. Apply secure coding practices and knowledge of OWASP Top 10, CVE, SANS 25, and related guidance. Identify application security related tools, conduct tool analysis, and provide recommendations. Apply technical knowledge to analyze, develop, create, and implement process improvements, troubleshooting, and operational support. Minimum Qualifications
Bachelors Degree in Computer Science, Engineering, or other technical discipline or equivalent relevant experience. 7+ years of experience as an Application Security Developer, Application Security Analyst, or equivalent. Other Job Specific Skills
Expertise with application server technologies such as Java, .NET, Python, etc. In-depth knowledge of security technologies, single sign-on, and identity management technologies. Expertise with web system security concepts, including authentication, authorization (RBAC), encryption/hashing, SAML, and LDAP. Knowledge of web application vulnerabilities such as XSS, session hijacking, SQL injection, CSRF, OWASP Top 10, and other attack vectors. Hands-on experience with encryption, hashing, secure random number generation, key derivation, and digital signatures. Knowledge of network, system, and application-layer attacks and mitigation methods; familiarity with TCP/IP, HTTP/S, and related protocols. Experience with static code analysis tools (e.g., HP Fortify, Checkmarx); familiarity with JavaScript, Node.js, or other scripting languages and BurpSuite or other intercepting proxy tools. Experience working with Git source code management. Solid working knowledge of Unix/Linux operating systems. Experience with technologies such as Vagrant, Chef, Rake, Gradle, Jenkins; familiarity with Cache DB is preferred. Understanding of Agile/Scrum methodologies is preferred. Compensation
Compensation ranges for ASM Research positions vary depending on factors including location, skill set, education, certifications, client requirements, contract-specific affordability, government clearance, and years of experience. The compensation displayed for this role is a general guideline and is unique to each role. Monetary compensation is one component of ASMs overall compensation and benefits package for employees. EEO Requirements
ASM is an equal opportunity employer. An individuals race, color, religion, sex, disability, age, gender identity, veteran status, sexual orientation, or national origin will not be considered in any personnel or management decisions. All recruiting, hiring, training, and promoting for all job classifications are done without regard to race, color, religion, sex, veteran status, disability, gender identity, or age. All decisions on employment are made to abide by the principle of equal employment. Physical Requirements
The physical requirements described herein are representative of those that must be met by an employee to successfully perform the primary functions of this job. Reasonable accommodations may be made to enable individuals with qualifying disabilities, who are otherwise qualified, to perform the primary functions. Disclaimer
The preceding job description is intended to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job. #J-18808-Ljbffr
Evaluates application security in all phases of the software development life cycle. Works closely with team members to define application security best practices, performs software architecture and design reviews, and supports the identification, interpretation, and remediation of vulnerabilities across a variety of applications, programming languages, and platforms. Responsibilities
Define best practices, perform software security architecture and design reviews, and support the identification, interpretation, and remediation of vulnerabilities across various applications, programming languages and platforms. Define, maintain, and enforce application security best practices. Conduct vulnerability assessments and perform manual/automated code reviews. Demonstrate vulnerabilities to application owners and provide mitigation recommendations. Experience with SAST, DAST, and OSA tools. Perform penetration testing and manual/automated code reviews. Work with programming languages such as Java, .NET, C#, etc. Apply secure coding practices and knowledge of OWASP Top 10, CVE, SANS 25, and related guidance. Identify application security related tools, conduct tool analysis, and provide recommendations. Apply technical knowledge to analyze, develop, create, and implement process improvements, troubleshooting, and operational support. Minimum Qualifications
Bachelors Degree in Computer Science, Engineering, or other technical discipline or equivalent relevant experience. 7+ years of experience as an Application Security Developer, Application Security Analyst, or equivalent. Other Job Specific Skills
Expertise with application server technologies such as Java, .NET, Python, etc. In-depth knowledge of security technologies, single sign-on, and identity management technologies. Expertise with web system security concepts, including authentication, authorization (RBAC), encryption/hashing, SAML, and LDAP. Knowledge of web application vulnerabilities such as XSS, session hijacking, SQL injection, CSRF, OWASP Top 10, and other attack vectors. Hands-on experience with encryption, hashing, secure random number generation, key derivation, and digital signatures. Knowledge of network, system, and application-layer attacks and mitigation methods; familiarity with TCP/IP, HTTP/S, and related protocols. Experience with static code analysis tools (e.g., HP Fortify, Checkmarx); familiarity with JavaScript, Node.js, or other scripting languages and BurpSuite or other intercepting proxy tools. Experience working with Git source code management. Solid working knowledge of Unix/Linux operating systems. Experience with technologies such as Vagrant, Chef, Rake, Gradle, Jenkins; familiarity with Cache DB is preferred. Understanding of Agile/Scrum methodologies is preferred. Compensation
Compensation ranges for ASM Research positions vary depending on factors including location, skill set, education, certifications, client requirements, contract-specific affordability, government clearance, and years of experience. The compensation displayed for this role is a general guideline and is unique to each role. Monetary compensation is one component of ASMs overall compensation and benefits package for employees. EEO Requirements
ASM is an equal opportunity employer. An individuals race, color, religion, sex, disability, age, gender identity, veteran status, sexual orientation, or national origin will not be considered in any personnel or management decisions. All recruiting, hiring, training, and promoting for all job classifications are done without regard to race, color, religion, sex, veteran status, disability, gender identity, or age. All decisions on employment are made to abide by the principle of equal employment. Physical Requirements
The physical requirements described herein are representative of those that must be met by an employee to successfully perform the primary functions of this job. Reasonable accommodations may be made to enable individuals with qualifying disabilities, who are otherwise qualified, to perform the primary functions. Disclaimer
The preceding job description is intended to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job. #J-18808-Ljbffr