U.S. Citizens and those authorized to work in the U.S. are encouraged to apply. We are unable to sponsor at this time.
Please send your resume to RyanC@SATTEL2.COM should you be interested in the following IT Web Application Security Engineer position in Arlington, VA (22203). The salary for this position is $120-130K plus 10-15% bonus (bonus has been paid out at 100% for the last 10 years). We are looking for an IT Security Web Application Engineer with vulnerability management experience. This is a publicly traded firm that has experienced major growth organically as well as through acquisition in the last 7 years. If you are not interested, please forward to colleagues/friends. We do pay referral fees!
You will be joining the IT Security Director on this team. They will be adding Security Administrators and Security Analysts in 2018 to build out the team. You will be the right-hand man/woman to the IT Security Director. We are seeking an extraordinary Information Security Engineer to focus on Web Application security.
The information security team is responsible for managing security tools, security initiatives & programs, and mitigating risks faced by AvalonBay. This is a highly technical, hands-on role that requires a wide and deep experience in the technical aspects of security as well as the soft skills needed to move at the speed of business. This position requires practical knowledge of web application security, vulnerability assessment tools, secure coding methodologies, and data privacy & protection.
Responsibilities will include but are not limited to:
- Maintain, Configure, Support and Administer Web Application Scanning tools
- Perform vulnerability assessment of internal and external applications via automated and manual techniques
- Direct and consult with development teams in the remediation efforts of security findings and explain risk and trade-offs in differing methods of remediation
- Interface with external security services to receive, triage, and resolve vulnerabilities
- Conduct or manage penetration testing, in which simulated attacks on the systems are used to find any weaknesses that might be exploited by a malicious party
- Work with technical and non-technical teams to define and document application security requirements, vulnerability validation and manual source code reviews
- Bachelor’s degree from an accredited university required, Computer Science program strongly preferred
- 4+ years of experience as an engineer, implementing and monitoring security measures for the protection of computer systems, networks and web applications
- 4+ years of experience identifying and defining web application security vulnerabilities
- Desired Certification in Information Security - CISSP, CISM, CEH, GPEN, GWAPT
- Experience with Web Assessment tools such as: Contrast, Veracode, Fortify, WebInspect, BURP Suite PRO, SoapUI
- Familiarity with Security technologies, including authentication/access control mechanisms, encryption, penetration testing, Source Code Analysis and Web Vulnerability Assessment
- Have hands-on experience resolving web application vulnerabilities
- Thorough understanding of the latest security principles, techniques, and protocols
- Experience with data stream and data messaging services, including syslog, web API Get calls, JSON, etc.
- An understanding of ethical hacking methodologies, Secure Coding, frameworks, and industry resources, e.g. OWASP, NIST publications, SANS/CWE
- Working knowledge of network protocols and Wintel/Linux/Unix system internals and transport protocols (TCP, TLS, HTTP/S, UDP)
- Demonstrated in-depth knowledge and understanding of computer applications, including proficiency with development frameworks & languages (Java, .NET, C/C++, C#, PHP etc.). Programming background prior to security is preferred but not required.
- Ability to conduct Manual Source Code Security Analysis of developer source looking for coding flaws and errors for remediation
In addition, the ideal candidate must have strong communication and problem-solving skills. Must be able to build and maintain relationships with varying levels of management within all departments.