Description

The Application Security Engineer position involves conducting web application security assessments against our client's web sites. The Application Security Engineer will use ethical hacking techniques and countermeasures to provide a variety of cybersecurity services to our financial, healthcare, and government clients. Our goal is to protect clients by identifying weaknesses before the adversaries can exploit them.
Responsibilities

• Execute project plans and maintain the scope, schedule, and each party's responsibilities.
• Conducting external penetration tests of information systems using commercial and open source exploitation tools.
• Conducting internal configuration and vulnerability assessments of information systems using commercial and open source assessment tools.
• Test for OWASP Top Ten vulnerabilities using both automated and manual testing.
• Consult with clients and recommend mitigation techniques for known and upcoming application and system vulnerabilities.
• Engaging in security research to remain current on vulnerabilities and testing tools.
• Creating detailed, professional documentation / reports that clearly communicate vulnerabilities, mitigation strategies, and remediation steps.

Qualifications

• Bachelor's degree in information technology, computer science, information assurance or formal security training plus comparable experience.
• IT certifications such as MCITP, CCNA, Network+, OSCP, CISSP, CSSLP
• IT experience with deployment of various development frameworks and system stacks.
• Experience with multiple operating systems, databases, and hypervisors including Windows, Linux, Unix, VMWare, HyperV, Oracle and MS SQL.
• Experience with multiple authentication technologies, Active Directory, OpenID, SAML, and forms based.
• Experience with various network technologies such as Intrusion Prevention Systems, Web Application Firewalls, and Load balancing technologies.
• Excellent oral and written communication skills.
• Excellent analytical and problem-solving skills.
• An ability to work both independently or as a team is critical.
• Must be passionate about security and continuing education outside of work.