Security Code Review Engineer, TEKsystems

From OWASP
Security Code Review Engineer – Work From Home

Description:

TEKsystems has two openings for Security Code Review Engineers at one of our largest clients in the financial sector. These are 8 month+ contracts and can be done completely remotely.

If you, or anyone you know, may be interested, please contact Matt:

952-886-4853 OR [email protected]

Location: Can be 100% remote

Duration: ASAP – 11/28/12

Department Information:

The Secure Code Review (SCR) team is part of Security Consulting (CIS-C). Security Planning is the process of identifying, documenting, and consulting on specific Information Security threats and vulnerabilities, associated likelihood and impact, and mitigating controls in order to determine an overall risk rating. Results of the assessment are documented in a Security Plan. The results are completed to quantify risk so that we may make an informed decision on whether to accept the risk and/or mitigate the risk where no known (or insufficient) controls exist. SCR’s part of this process is to identify and assess risks present in applications using a hybrid static analysis methodology.

Specific Duties:

• The critical skills / competencies required for the position are in-depth knowledge and understanding of computer applications, including various languages (e.g. Java, ASP, .NET, C++, C#, etc.).

• Additional knowledge of risk assessment methodologies and frameworks and how to apply them to diverse applications.

• The skills to gather relevant information, including environmental characterization, threat identification, vulnerability identification and control analysis.

• The skills to analyze information, including likelihood determination, impact analysis and risk determination.

• The skills to prioritize risk responses including control recommendation and documentation. Strong communication (verbal and written), negotiation, problem solving and business line engagement required.

• Selected individual will successfully comprehend large complex applications written by others from reading code.

• Handles multiple complex assignments simultaneously.

• Good communication and writing skills with the ability to talk to both business people and technical people.

• Should be able to communicate complex subjects in easy-to-understand terms. Stays current with emerging technologies and industry trends.

Minimum Qualifications:

• Minimum of 4 years of software development experience

• Experience with web-based application development

• Minimum of 2 years' experience with .NET (C#/VB.Net and ASP.NET)

• Experience with relational databases from an application development perspective

• Knowledge of application security vulnerabilities such as the OWASP Top 10

• Ability to handle difficult situations and to provide alternative solutions or workarounds

• Flexible and creative in helping to find acceptable solutions

Preferred Skills:

• Application security experience

• Peer code review experience

• Working knowledge of the .NET framework

• Working knowledge of ASP.NET

• Working knowledge of C#.NET

• Understanding of AJAX and web services

• Maintenance programming experience

• CISSP or comparable security certification

• Developer Certifications (examples include SCWCD, SCJP, SCJD, SCJA, MCSD, etc.)

• Basic understanding of the following protocols/technologies:

o SSL/TLS

o Cryptography (symmetric and asymmetric encryption, PKI, etc.)

• Ability to work on multiple complex assignments simultaneously

• Ability to work alone or in groups

• Good communication and writing skills with the ability to talk to both business people and technical people.