Bridge Technologies and Solutions
Sr. Application Security Engineer
Bridge Technologies and Solutions, San Francisco, California, United States, 94199
Overview
We need a resource who has experience working within a Vulnerability Management Program that understands Application Security with 5-7 years of security experience.
Experience with commercial application scanning tools such as Acunetix, IBM AppScan, WebInspect, NTOSpider, Cenzic Hailstorm, or Burp Suite Professional
Understanding of Web Services technologies such as XML, SOAP, and AJAX
Understanding of various web application frameworks such as ASP.NET, J2EE, Zend
Web server configuration knowledge: Microsoft IIS, Apache HTTP Server, Apache Tomcat
Experience in application level attacks, bypassing firewalls, evading intrusion detection
Experience building automated tool sets or expanding existing toolset libraries
Secure code review experience using automated toolsets
Software Engineering career experience
Certifications: CISSP, CEH, GWAPT, GPEN, OSCP
Thorough understanding of software vulnerabilities
Knowledge of OWASP Top 10, SANS Top 25, CWE, WASC
Ability to demonstrate understanding of vulnerability remediation
Familiarity with malicious code identification and common hacker attack techniques
Ability to research and reproduce vulnerability exploitation
Understanding of advanced cryptographic concepts
Ability to demonstrate manual testing experience including all of OWASP Top 10
Qualifications
Excellent problem solving and analytical skills
Superior oral and technical writing communication skills
Independence, self-managed, and motivated
Knowledge of the Software Development Lifecycle in an enterprise environment
Programming experience in two of the following languages: C#, Java, Python, Ruby
Additional Information All your information will be kept confidential according to EEO guidelines.
#J-18808-Ljbffr
Experience with commercial application scanning tools such as Acunetix, IBM AppScan, WebInspect, NTOSpider, Cenzic Hailstorm, or Burp Suite Professional
Understanding of Web Services technologies such as XML, SOAP, and AJAX
Understanding of various web application frameworks such as ASP.NET, J2EE, Zend
Web server configuration knowledge: Microsoft IIS, Apache HTTP Server, Apache Tomcat
Experience in application level attacks, bypassing firewalls, evading intrusion detection
Experience building automated tool sets or expanding existing toolset libraries
Secure code review experience using automated toolsets
Software Engineering career experience
Certifications: CISSP, CEH, GWAPT, GPEN, OSCP
Thorough understanding of software vulnerabilities
Knowledge of OWASP Top 10, SANS Top 25, CWE, WASC
Ability to demonstrate understanding of vulnerability remediation
Familiarity with malicious code identification and common hacker attack techniques
Ability to research and reproduce vulnerability exploitation
Understanding of advanced cryptographic concepts
Ability to demonstrate manual testing experience including all of OWASP Top 10
Qualifications
Excellent problem solving and analytical skills
Superior oral and technical writing communication skills
Independence, self-managed, and motivated
Knowledge of the Software Development Lifecycle in an enterprise environment
Programming experience in two of the following languages: C#, Java, Python, Ruby
Additional Information All your information will be kept confidential according to EEO guidelines.
#J-18808-Ljbffr