
Complete Posting Application Security Engineer

From OWASP

This position is located in Lowell, MA

Sterling Commerce, an AT&T Company, develops software that helps enterprises connect, communicate and collaborate with their customers, partners and suppliers by providing solutions that enable seamless integration of key business processes.

With our software, customers optimize and transform their business collaboration network inside and outside the enterprise quickly, easily, and securely so they can accelerate revenues and reduce costs.

At Sterling Commerce we're dedicated to providing a superior customer experience with comprehensive global services for implementation, education and support. We offer a range of services for our solutions from remote management to fully managed, on-demand or hosted, as well as services for community development and management of suppliers and trading partners.

For over 30 years, we have been known for our innovative solutions, our customer focus, and our proven track record in the marketplace with our customers and partners.

More than 30,000 customers worldwide, including 80 percent of the FORTUNE® 500, use Sterling Commerce solutions for business process integration, secure file transfers, multi-channel selling, supply chain fulfillment and payment management.

Sterling Commerce is headquartered in Columbus, Ohio, and has offices in 24 countries.

Sterling Commerce is an Equal Opportunity Employer.

AT&T is an Affirmative Action / Equal Opportunity Employer, and we're committed to hiring a diverse and talented workforce.

Acts as the central security engineering resource that works with product line engineers to perform security assurance on the company's applications. The security assurance activities range from performing static code analysis on application code, performing dynamic assessment penetration tests on running applications, and performing specially crafted negative/abuse security tests against applications. Independently analyzes the scan results from these tests to determine whether reported findings are truly exploitable vulnerabilities and communicates confirmed vulnerabilities back to Engineering. This position will assist in managing the security testing labs.

• Works with product line teams to configure and scan applications using static code analyzers and/or dynamic assessment tools. Independently analyzes scan output findings to identify vulnerabilities. Communicates results to internal development teams for remediation.

• Assists product line teams in developing and executing security abuse/negative test cases.

• Participates in application requirements analysis and design to determine whether security requirements are properly identified.

• Assists in the management of the security testing labs, including installing the software and hardware components (e.g., network devices, firewalls) for an application deployment and configuring the system with the necessary security controls.

DESIRED QUALIFICATIONS:

• Application security experience in non-web technologies such as mobile application technologies.

• Experience using static code analyzers (e.g., IBM Ounce, Fortify) or dynamic assessment tools (e.g., IBM AppScan, HP WebInspect).

• Experience with security testing, especially ethical hacking or penetration testing of large, complex applications.

• A GIAC Secure Software Programmer (GSSP) or Certified Secure Software Lifecycle Professional (CSSLP) certification.

• Knowledge of web technologies (e.g., Java, JSP, JavaScript, Web 2.0, AJAX, JSON, HTTP, HTML, JDBC, application servers, application deployment, etc.) or a good understanding of how web applications work.

• Knowledgeable in web application security weaknesses (e.g., OWASP Top 10 and SANS Top 25), with the ability to apply that knowledge when analyzing output from security tools to determine whether findings are exploitable.

• Good written and verbal communication and presentation skills.

• Ability to work in teams to assess large, complex applications.

Qualified candidates should apply online.