.Net Application Security Engineer w/AppScan Source

We are seeking a .NET Application Security Engineer who has worked with AppScan Source. This is a long-term contract in DC and requires a public trust clearance. The key responsibility of this position is to carry out the agency’s security engineering program. This includes vulnerability detection and verification in applications and databases via dynamic and static testing, building an AppStore of application security components, and creating demonstrable examples.

Education and Experience:  

  • B.S. in Information Security, Computer Science, or a related field.
  • Very proficient in identifying and verifying security vulnerabilities in Web applications, SOA/Web Services, databases, application source code and configuration files.
  • Extensive hands-on .NET security programming experience.
  • Very proficient in application and database level vulnerability scanning, penetration testing, and building test images in a VM environment, with extensive hands-on experience with Linux, KVM, VMware, and Windows.
  • 5+ years of experience in application and database level vulnerability scanning and penetration testing, and in building test images using Linux, KVM, VMware, and Windows.
  • 5+ years of experience in performing secure code review for .Net and Java based applications.
  • Able to demonstrate to developers how to use the application security components to mitigate security vulnerabilities in applications, services, and databases.
  • Able to build and manage a component repository using open source software such as Subversion.


Required Skills and Competencies:

In-depth knowledge and extensive hands-on experience in dynamic analysis techniques, tools, and best practices.

Extensive knowledge of the processes, techniques, and technology used in vulnerability scanning and penetration testing against applications, services, and databases.

Extensive hands-on experience with commercial vulnerability scanning tools for applications, services, and databases, such as WebInspect, Burp Proxy, AppDetective, and AppScan Enterprise.

Extensive hands-on experience with popular free and/or open source application level security scanners, penetration testing tools, and proxy tools.

Hands-on experience in performing manual penetration testing against Web applications, Web Services, LDAP, databases, and mobile applications.

Solid understanding of top application, service, and database level vulnerabilities.

Solid understanding of top vulnerabilities for mobile applications and systems.

In-depth knowledge and extensive hands-on experience in static analysis techniques, tools, and best practices.

In-depth knowledge of .NET languages and technologies, such as C#, ASP.NET, and LINQ, and the ability to define coding and configuration best practices.

In-depth knowledge of scripting and markup languages used in Web applications and databases, such as JavaScript, HTML, and Transact-SQL.

Very proficient in identifying and verifying security vulnerabilities in Web applications, SOA/Web Services, databases, application source code, and configuration files using static analysis tools, such as AppScan Source Edition. Hands-on experience with AppScan Source is required.

Very proficient in identifying application security components and creating demonstrable examples of how to use these components to mitigate vulnerabilities in applications, services, and databases.

Solid understanding of the common structure and security weaknesses of typical Web applications, mobile applications and systems, SOA/Web Services, and cloud-based services.

Proficient with Java.

Very proficient in identifying application security components and creating demonstrable examples of how to use these components to mitigate vulnerabilities in .NET applications, services, and databases.

Proficient with security architectural principles.

Knowledge of Red Hat Linux, Ubuntu KVM, Windows, and VMware Server and Workstation, and able to create and maintain virtual machine images for vulnerability scanning and penetration testing.

Proficient in building and managing a component repository using open source software such as Subversion or CVS.

Ability to communicate effectively with all levels of management and staff, both orally and in writing, sufficient to develop and deliver briefings, project papers, status reports, and correspondence that report security vulnerabilities and their impact, show the benefits of vulnerability testing and code review, foster understanding, and promote the acceptance of the agency security engineering program.

Desired Skills:

  1. Proficient in identifying application security components and creating demonstrable examples of how to use these components to mitigate vulnerabilities in Java applications, services, and databases.
  2. Proficient in MS-SQL administration.
  3. Proficiency with federal government security and privacy guidelines and mandates, such as NIST 800-53. The candidate has prior experience translating government mandates and regulations into system requirements and specifications.
  4. Hands-on experience in performing security risk assessments (SRA) in compliance with NIST 800-30 and USDA guidelines.
  5. Proficient with secure design patterns.
  6. Ability to use consensus building, negotiation, coalition building, and conflict resolution techniques sufficient to establish and maintain effective communication channels with multiple stakeholders and teams.
  7. Good at providing security services to multiple teams, and able to interact appropriately in highly charged emotional situations. Must be able to justify and defend matters involving significant or sensitive issues. Skilled in working effectively with personnel and managers of divergent educational and cultural backgrounds.


The successful candidate is subject to a background investigation by the government and must be able to meet the requirements to hold a position of public trust.