Principal Security Consultant, Application Security

Job Description

Overview:

CANDIDATES CAN LIVE ANYWHERE IN THE CONTINENTAL U.S.

If you have multiple years of application security assessment experience, enjoy
the challenge of working with customers to analyze, identify, and report
application vulnerabilities, and are eager to become part of the leadership team of
a growing consulting practice, then we have the opportunity for you!





Responsibilities:



This position:


Is focused on providing application
security consulting services, including, but not limited to, automated and
manual run-time assessments, automated and manual code reviews, application threat
modeling, and secure SDLC review and development services.


Requires excellent written and verbal
communication skills and demonstrated technical depth and breadth of expertise
in security, programming, and application vulnerabilities.


Provides the opportunity to
participate in multiple aspects of the consulting role, such as services
delivery, training, pre-sales, requirements collection, and project scoping.

Job Requirements

REQUIRED EDUCATION/EXPERIENCE:

A minimum equivalent of experience and/or education that would provide the
relevant knowledge and abilities to perform the type of work described herein.


Education: Achievement of a relevant
Bachelor’s Degree or equivalent years of relevant coursework, training, and
experience in programming, networking and security fundamentals, application security,
and database security.


Experience: More than seven years of
relevant Application Security experience, including web and mobile application
security assessments, source code analysis, enterprise application development,
application security vulnerability research, analysis and consulting, and
vulnerability management, mitigation, and remediation.

REQUIRED SKILLS/KNOWLEDGE/SPECIFIC EXPERIENCE


Expert knowledge of automated
application security scanning tools such as IBM AppScan and AppScan Source, HP WebInspect
and Fortify, or similar commercial solutions and toolsets


Expert knowledge of manual
assessment tools such as HTTP Proxies (Burp Suite Pro, Webscarab, Spike),
browser plug-ins (Web Developer Toolbar, Firebug), automation scripts
(Perl/Python), fuzzers (w3af, Peach), or similar commercial and open source tools


Expert knowledge of application security
assessment and code review methodologies


Expert knowledge of application
security vulnerabilities, remediation and mitigation techniques, and secure
coding practices


Working knowledge of object oriented
programming and design fundamentals


Expert knowledge of web technologies
(.ASP, .NET, Java)


Working knowledge of Application
Security Maturity Models (OpenSAMM, MS SDL)


Experience with business and
functional requirements collection


Experience in providing technical
oversight over other project team members to maintain engagement quality


Experience in delivering security
awareness training


Experience in speaking or presenting
at national and local security conferences and events, or equivalent thought
leadership activities


Working knowledge of networking,
network design, and network security


Exposure to a range of security
products such as Authentication, Firewalls, and Intrusion Detection and
Prevention Systems


Strong leadership and organizational
skills


Excellent written and verbal
communication skills


Excellent facilitation skills and
ability to lead group discussions


Experience in mentoring and coaching
staff


Ability to lead teams under
demanding circumstances to accomplish project team objectives


Strong analytical skills to
troubleshoot technical problems and determine resolution

PREFERRED SKILLS/KNOWLEDGE:


Advanced Technical Degrees


Certification (OSCE, CISSP, SANS)

Although FishNet Security has attempted to accurately and thoroughly describe this
position, we reserve the right to change, add to or subtract from the duties
outlined, within the sole discretion of FishNet Security, at any time, with or
without advance notice.

We are an equal opportunity employer.  We evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status, and other protected characteristics. 


Job Snapshot

Post Date: 6/20/2014
Location: Miami, FL
Employment Type: Full-Time
Job Type: Consultant, Professional Services
Education: 4 Year Degree
Experience: Not Specified
Manages Others: Not Specified
Industry: Other Great Industries
Required Travel: Not Specified
Job ID: 2013-1970