A minimum equivalent of experience and/or education that would provide the relevant knowledge and abilities to perform the type of work described herein.
Education: Achievement of a relevant Bachelor’s Degree or equivalent years of relevant coursework, training, and experience in programming, networking and security fundamentals, application security, and database security.
Experience: Five to eight years of relevant Application Security experience, including web and mobile application security assessments, source code analysis, enterprise application development, application security vulnerability research, analysis and consulting, and vulnerability management, mitigation, and remediation.
Working knowledge of automated application security scanning tools such as IBM AppScan and AppScan Source, HP WebInspect and Fortify, or similar commercial solutions and toolsets
Working knowledge of manual assessment tools such as HTTP Proxies (Burp Suite Pro, Webscarab, Spike), browser plug-ins (Web Developer Toolbar, Firebug), automation scripts (Perl/Python), fuzzers (w3af, Peach), or similar commercial and open source tools
Working knowledge of application security assessment and code review methodologies
Working knowledge of application security vulnerabilities, remediation and mitigation techniques, and secure coding practices
Working knowledge of object-oriented programming and design fundamentals
Expert knowledge of web technologies (.ASP, .NET, Java)
Exposure to Application Security Maturity Models (OpenSAMM, MS SDL)
Experience with business and functional requirements collection
Strong leadership and organizational skills
Excellent written and verbal communication skills
Excellent facilitation skills and ability to lead group discussions
Experience in mentoring and coaching staff
Ability to complete assigned tasks or projects with limited supervision
Ability to work under demanding circumstances and accomplish objectives
Strong analytical skills to troubleshoot technical problems and determine resolution
Advanced Technical Degrees
Certification (OSCE, CISSP, SANS)
Ability and experience in delivering security awareness training
Experience in speaking or presenting at national and local security conferences and events
Working knowledge of networking, network design, and network security
Exposure to a range of security products such as Authentication, Firewalls, Intrusion Detection and Prevention Systems
Although FishNet Security has attempted to accurately and thoroughly describe this position, we reserve the right to change, add to or subtract from the duties outlined, within the sole discretion of FishNet Security, at any time, with or without advance notice.
We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.