Information Security Engineer - Applications

Responsibilities:

· Assuring that IT application software and infrastructure is designed and implemented to applicable security standards. Will utilize probing applications and review code for security holes.

· Perform risk and vulnerability assessments, penetration tests and potential incident response, especially relating to applications/databases; analyze results and make recommendations

· Assist in the development, configuration of various systems (especially relating to applications/databases) to ensure adequate security of high performance, highly available, and mission critical applications

· Provide input and visibility into emerging security technologies, deployment strategies and other security protocols to ensure awareness within the software organization.

· Serve as a Subject Matter Expert (SME) on application/database security topics.

· Have hands-on experience on developing software as a programmer, especially  web application development experience in Java or .Net technologies

· Work with Information Security department head and systems engineers to define security requirements for infrastructure implementations.

· Stay abreast of security trends and new technologies that will enhance current and future security architectures.

· Identify, report, and resolve security violations as well as maintain systems to protect data from unauthorized users.

· Represent Information security department during ongoing audits.

· Educate staff though the use of the Intranet on security subjects promoting awareness.


   

Qualifications:

 

· Bachelor's Degree in Computer Science or related field.

· 5+ years practical experience in information security, including 2-5 years involving risk management in the area of applications development, with at least two of those years relating to database development..

· Deep understanding of the strategic elements and processes of corporate security in a business environment.

· Extensive knowledge of LAN/WAN architecture including Novell/NT/UNIX servers, frame relay, TCP/IP.

· At least four years in a security role preferable, especially as it relates to applications/databases.

· Understand 3-tier architecture and the functional components of each layer.

· Whitebox testing:

o  Manually Review source code such as ASP/.NET, Java, C++/C#/C, Perl, PHP, Python and Java for vulnerabilities;

o  Experience using code scanners 

· Blackbox testing:

o  Experience using WebScanners 

o  Vulnerability scanners 

o  Database scanners 

· Provide guidance on potential exploit data and impacts to existing applications.

o  Exposure to OWASP and CVE vulnerabilities. 

o  Knowledge of the following: Input Validation (SQL Injection, Cross Site Scripting, Buffer Overflows etc), Authentication ; Authorization; Cryptography; Cryptographic Algorithms and Associated Parameters; Cryptographic Keys Protection; Cryptographic Protocols and Associated Parameters; Cryptographic: Using Public Key Infrastructure ; Cryptography for Confidentiality; Application Security; General Authentication; Output Validation; Passwords; Password Complexity; Password Expiration and Lockout; Password Transmission and Storage; Passwords Protection; Production Application Instance Sensitive Information; State Management : Cookies and Session; Trust

· Requires in-depth knowledge of TCP/IP and related communication protocols.  Some knowledge of  basic unix network communications,  Windows NT networking communication and NT authentication schemes (Kerberos, NTLM, AD), web applications access databases (JDBC, ODBC, Sqlnet, etc.).

· Strong verbal, written and interpersonal skills are required.

· Certifications desired: CISSP, GIAC.

 

Please submit resume AND salary requirements to hr@intersections.com or fax 703-488-6223.  Resumes without salary requirement will NOT be considered.

 

Intersections Inc. is an Equal Opportunity Employer. EOE/M/F/D/V.