Lead Application Security Engineer
For the past 11 years, eCollege has been improving educational delivery methods by providing enterprise eLearning solutions with innovative technology and high-touch services. eCollege provides an on-demand, or Software as a Service (SaaS), learning platform to growing colleges, universities and educational institutions across the globe. eCollege has been recognized as a proven leader in the use of educational technology. Our Course Management System (CMS) was ranked first in customer satisfaction in 2007 in independent research conducted by the IMS Global Learning Consortium. According to leading IT researchers, more than 40% of all software will be deployed with on-demand, or Software as a Service (SaaS), models by 2012. If you want to make a contribution to the future of learning and prefer an open-minded approach to work, join the eCollege team! As a Pearson company, eCollege offers competitive benefits in a challenging work environment, steeped in a supportive IT culture.

Pearson Education is an Equal Opportunity Employer EOE/M/F/V/D.
SUMMARY

The Lead Application Security Engineer is responsible for implementing and enforcing application security policy. The incumbent is also responsible for developer training, advocacy of secure development practices, penetration testing, secure design reviews, secure code reviews, and security incident response.

DUTIES AND RESPONSIBILITIES

- Architect and manage a process to scan code for security vulnerabilities and coordinate remediation efforts
- Manage penetration testing processes and vulnerability assessments of systems in order to identify system vulnerabilities
- Identify security risks in the software architecture, design, and implementation processes
- Mentor developers and architects on secure development practices
- Work closely with the Application Security Officer, Application Security Engineers, and other security stakeholders on identifying and remediating security risks
- Will be involved with the following: input validation (SQL injection, cross-site scripting, buffer overflows, etc.); user authentication; authorization; cryptography; cryptographic algorithms and associated parameters; digest algorithms; cryptographic key protection; cryptographic protocols and associated parameters; non-repudiation; application firewalling; automated penetration testing; automated software inspection; multiple models of federated authentication; privacy policy; general authentication and auditing; output validation; credential trust models; password policy; password transmission and storage; avoidance of information disclosure; defense in depth
- Configure, monitor and tune automated testing services
- Work closely with the CSO, ASO and ISO to implement security policies
- Create white-box and black-box penetration test plans and conduct penetration testing in sandbox environments
- Mentor other security personnel
- Compile, generate, and maintain a weekly activity report
- Conduct research and develop new technologies for client applications
- Other duties as assigned

MANAGERIAL RESPONSIBILITIES (includes people, process or functions)

Mentoring of developers and security personnel; there is no direct personnel management responsibility. Management of multiple Application Security processes.

EDUCATION and/or EXPERIENCE

High school diploma or equivalent required; Bachelor's degree in Computer Science, IT, MIS, or Electrical Engineering preferred. Five (5) plus years' experience working in an internet environment with senior-level coding experience, or equivalent education and experience to successfully perform the essential duties of the job.

KNOWLEDGE, SKILLS AND ABILITIES

- Knowledge of C#, Java, IIS and Apache
- Strong understanding of application security topics
- Familiarity with security standards and groups (OWASP, WASC, FISMA)
- Deep knowledge of security vulnerability types and mitigation strategies
- Demonstrated conceptual, analytical and innovative problem-solving and evaluation skills
- Understanding of 3-tier architecture and the functional components of each layer
- Ability to conduct independent research and analysis in the event of a security breach
- Significant experience with manual penetration testing
- Experience with automated black-box penetration testing tools
- Experience conducting secure code reviews
- Ability to perform multiple tasks concurrently
- Excellent customer service, communication (written and verbal), and interpersonal skills
- Continually seeks opportunities to expand knowledge of emerging technologies
- Excellent organizational and time management skills
- Ability to analyze complex problems and develop creative solutions
- Ability to make timely and sound decisions
- Ability to work efficiently in a fast-paced environment
- Ability to work on a team and independently
- Ability to mentor and train

NOTE: This position is subject to a background check and verification of experience.

CERTIFICATES, LICENSES, REGISTRATIONS

OWASP / BlackHat / DefCon attendees / presenters preferred