Cloud Analytics Technologies LLC

Application Security Engineer

Cloud Analytics Technologies LLC, Wilmington, Delaware, US, 19894


Local candidates preferred. Non-local candidates must be willing to pay for their own interview travel expenses and relocation costs.

Candidates submitted over the max. bill rate will be automatically disqualified and counted as a submittal. For each position CBD allows only 2 (two) submittals from our sub-vendors/partners, so please send us only exactly matching profiles for better chances of shortlisting and a quick response.

Job Description

Role: Application Security Engineer
Duration: 9 Months

Position Summary:

This role will be responsible for Application Risk Program Management. The individual will ensure the security of all applications and systems running in the BCUS domain. This includes understanding all existing web-based (Java & .NET) and other third-party applications running in the environment, and reviewing the security provisions of all new applications and major changes in the environment. Penetration testing of various application systems on a regular basis is a required skill, along with managing and reviewing the work of other testers, including contract testers. Reporting to management on a regular basis through well-defined metrics is required. This individual should have business acumen and a detailed understanding of the software development lifecycle.

Work with application development team leads to ensure application security is aligned with policy, security best practices and business needs.

Knowledge, Skills, Education, Experience, and Competencies:

- Knowledge of the software development lifecycle in a large enterprise environment, including agile processes and practices.
- Experience performing manual and automated code review and developing, proposing and enforcing secure coding standards and policies.
- Knowledge of the OWASP Top 10 and related exploitation techniques, including but not limited to cross-site scripting, SQL injection, session hijacking and buffer overflows to obtain controlled access to target systems.
- Good understanding of various web application architectures and web technologies (Java, MS .NET, etc.).
- Experience with application firewalls and intrusion prevention systems (e.g. ModSecurity).
- Experience with commercial application scanning tools (DAST) like IBM's AppScan, HP's WebInspect, etc.
- Experience with commercial static analysis tools (SAST) like HP's Fortify, Klocwork, etc.
- In-depth knowledge of any proxying and/or fuzzing tools such as Paros, Burp, WebScarab, OWASP ZAP, etc.
- Familiarity with web services technologies like XML, SOAP, and AJAX.
- Understanding of server-side and client-side application development and middleware software (Oracle's WebLogic, IBM's WebSphere, Apache Tomcat).
- Proficiency with information security tools such as Nmap, Nessus, Burp Suite, Kismet, and Metasploit, and with manual techniques to exploit vulnerabilities in networks and applications.
- Industry security certifications preferred (CISSP, CISA, CCNA, etc.).

Equal Opportunity Employer

Cloud Big Data Technologies is an equal opportunity employer inclusive of female, minority, disability and veterans, (M/F/D/V). Hiring, promotion, transfer, compensation, benefits, discipline, termination and all other employment decisions are made without regard to race, color, religion, sex, sexual orientation, gender identity, age, disability, national origin, citizenship/immigration status, veteran status or any other protected status. Cloud Big Data Technologies will not make any posting or employment decision that does not comply with applicable laws relating to labor and employment, equal opportunity, employment eligibility requirements or related matters. Nor will Cloud Big Data Technologies require in a posting or otherwise U.S. citizenship or lawful permanent residency in the U.S. as a condition of employment except as necessary to comply with law, regulation, executive order, or federal, state, or local government contract.
