Security Consultant - Application Security

Job Description

Overview:

CANDIDATES CAN LIVE ANYWHERE IN THE CONTINENTAL U.S.
 
If you have multiple years of experience with application security in a Java or .NET Framework using C#, VB, or ASP and enjoy the challenge of working with clients to identify, analyze, and report application vulnerabilities, then we have the opportunity for you!

This position:

  • Is focused on providing application security consulting services, including, but not limited to, automated and manual run-time assessments, automated and manual code review, threat modeling, secure SDLC review and development, and secure code training for developers.
  • Requires excellent written and communication skills, and demonstrated technical expertise in security, programming and application vulnerabilities.
  • While focused on service delivery, provides the opportunity to participate in other phases of the sales and consulting lifecycle, such as pre-sales, requirements collection, project scoping, and training.



Responsibilities:

  • Focused on providing application security consulting services, including, but not limited to automated and manual run-time assessments, automated and manual code review, threat modeling, secure SDLC review and development, and secure code training for developers.
  • Requires excellent written and communication skills, and a demonstrated technical expertise in security, programming and application vulnerabilities.
  • Provides the opportunity to participate in multiple areas of the consulting role such as services delivery, training, pre-sales, requirements collection, and scope design.

Job Requirements

REQUIRED EXPERIENCE/EDUCATION:
 
Education: Possession of a relevant Bachelor’s Degree or equivalent training and experience in programming, networking and security fundamentals, and application and database security.  
Experience: Two to five years of employment with significant responsibilities for enterprise application development, application security assessments, source code analysis, and/or application security vulnerability research, analysis and consulting.  Experience in identifying application vulnerabilities, appropriate security-related solutions, and strategies for risk mitigation.
 
Preference will be given to candidates holding certification and education such as:
-Advanced technical degrees
-Offensive Security Certified Professional
-SANS certification
-Or demonstrated expertise.
 
REQUIRED SKILLS/KNOWLEDGE:
-Excellent written and verbal communication skills
-Working knowledge of automated application security-related tools such as AppScan, WebInspect, Fortify, and AppScan Source (formerly Ounce Security Analyst)
-Ability to deliver secure code training to developers
-Working knowledge of manual assessment tools such as HTTP Proxies (Burp, Webscarab, Spike), browser plug-ins (Web Developer Toolbar, Firebug, etc.), automation scripts (Perl/Python), fuzzers (w3af, Peach, etc.), and other commercial and open source tools
-Working knowledge of application assessment and code review methodologies
-Working knowledge of application security vulnerabilities and secure coding practices
-Working knowledge of object oriented programming and design fundamentals
-Expert knowledge of web technologies (.ASP, .NET, Java)
-Exposure to Application Security Maturity Models (OpenSAMM, BSIMM)
-Exposure to information security vulnerability concepts, issues and mitigation methods
-Experience with business and functional requirements collection
-Ability to participate in a group oriented environment
-Ability to complete assigned tasks or projects with limited supervision
-Ability to work under demanding circumstances and accomplish objectives
-Strong analytical skills to troubleshoot technical problems and determine resolution
 
PREFERRED SKILLS/KNOWLEDGE:
-Working knowledge of networking, network design and network security
-Exposure to a range of security products such as Authentication, Firewalls, Intrusion Detection and Prevention Systems, and a variety of other related technologies
-Ability to deliver secure code training to developers
FNS is an Equal Opportunity Employer and does not discriminate against any employee or applicant on the basis of race, creed, color, sex, sexual orientation, age, marital status, handicap, disability, religion, national origin, military service, or any other protected category. We have established an Affirmative Action program to initiate and promote equal employment opportunities. As an Affirmative Action Employer, we make every effort to ensure that our workforce represents the diversity of our labor market and that employees and applicants are given full consideration for development and advancement within our employment structure.
 
Although FishNet Security has attempted to accurately and thoroughly describe this position, we reserve the right to change, add to or subtract from the duties outlined, within the sole discretion of FishNet Security, at any time, with or without advance notice.
 
We are an equal opportunity employer.  We evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status, and other protected characteristics. 
 
 

Job Snapshot

Employment Type: Full-Time
Job Type: Consultant, Professional Services
Education: 4 Year Degree
Experience: Not Specified
Manages Others: Not Specified
Industry: Other Great Industries
Required Travel: Not Specified
Job ID: 2011-1403