OWASP Jobs

OWASP's mission is to make application security "visible," so that people and organizations can make informed decisions about application security risks. The global economy has greatly impacted our community worldwide. As a value-add to the website we have attempted to centralize career information for you. Jobs are organized into the following categories:

• Pen Testing - can be performed using automated tools, using manual penetration testing, or a combination of the two
• Code Reviewing - can be performed using automated tools, using manual review, or a combination of the two
• ES-Enabling and Other - integrating OWASP ESAPI Toolkits into applications and other types of work
• Grant Money and Internships - available OWASP grants and internships
• Advice and Resources - advice for job-seeking security professionals and additional resources

If your company is seeking an application security staff member post a link here to your job board

OWASP does not endorse commercial products or services.

Employment Advice and Resources

Advice

• If your seeking employment, you are highly encouraged to watch "APPSEC HELP-WANTED" filmed at OWASP NYC 2008 with Lee Kushner (below)

Additional Employment Resources

• How To Describe What You Do On Your Resume
• LJ Kushner
• Americas Job Bank
• Rent A Coder
• Guru
• Monster
• Norgate Technology
• MORE RESOURCES

Company Recruitment Postings

Req #: 1688RCG Location: San Francisco, CA Length: 3 Months to perm or Perm

Our client, who design security to harden OS's against intrusion, is looking for an engineer who has expertise in designing and developing software for web security with a focus on solutions enabled through code injection into Java and .NET application software. You will participate in a team oriented environment using Scrum operational practices.

Required experience/knowledge/skills

• Extensive experience working on security for web applications and web interfaces.
• Extensive experience in OWASP Top Ten web security issues, at the detailed code level.
• Experience in web security risk identification and remediation, at the code level.
• Three years (or more) of complex SW development using Java (must), .NET (high want) and C/C++ (want).
• Experience and knowledge with each of (musts) XML, HTML, Javascript, PHP, and (high wants) AJAX, Ruby, and Perl.
• Experience in the usage of multiple static and dynamic web security analysis tools (HP's Watchfire, IBM's Appscan, others).
• Strong analytical and problem solving skills.
• Excellent understanding of software architecture and industry best practices.
• Strong communication skills and ability to work effectively in a collaborative team environment.
• Self-motivated with ability to prioritize and attention to detail.

Additionally desired

• Broad computer security expertise.
• Intimate knowledge of computer viruses, worms, and general malware.
• Knowledge of code packing technologies and other viral detection avoidance technologies.

Contact Mary Rank

Pen Testing

Job web sites for companies that perform Application Vulnerability Assessment:

• Aspect Security
• Booz Allen Careers
• Carolina Advanced Digital
• Cigital
• Denim Groups
• Fortitudine Systems
• Lares
• Microsoft
• Milestone Systems
• MITRE
• NopSec
• Norgate Technology
• Packet Focus
• Vigliar
• WhiteHat Security

Code Reviewing

Job web sites for companies that security-focused code reviews:

• Aspect Security
• Booz Allen Careers
• Cigital
• Denim Group
• Fortify
• Lares
• MITRE
• Packet Focus

ES-Enabling and Other

Job web sites for companies that integrate ESAPI Toolkits into applications and do other types of security-related work:

• Aspect Security
• Booz Allen Careers
• Carolina Advanced Digital
• Cigital
• Denim Group
• Fortify
• Fortitudine Systems
• Lares
• Microsoft
• Milestone Systems
• MITRE
• NopSec
• Norgate Technology
• Packet Focus
• Vigliar

Grant Money and Internships

Grant Money

• Apply for Grant Money @ OWASP

Internships

• Part-Time, Full-Time & Intern Opportunities w/OWASP Foundation