Security Software Engineers
Summary
Evurge Solutions is seeking is a Security Software Engineer with the following experiences and requirements to test, advise and consult on application security for internal and external web systems and applications.
Verify findings as needed with application development team
Perform manual source code review for security vulnerabilities
Write formal security assessment report for each application
Perform bug hunting/penetration testing, threat modeling, risk analysis and thorough reporting to Security, Dev and Ops teams
Identify and remediate XSS, CSRF, SSRF, RCE and other attack surfaces
Demonstrated ability to meet deliverables, timetables, and deadlines.
Knowledge of current and emerging security and information technology standards and practices.
Experience conducting vulnerability assessments and articulating security issues to technical and non-technical audience.
Other activities to ensure performance and the information security program
Position Type
Full-time
Location
Chantilly, VA
Qualifications
Understanding of web service technologies such as XML, JSON, SOAP, and REST
Thorough understanding of security methodologies and frameworks like SSDLC, MITRE ATT&CK, NIST CSF and OWASP Testing Guide v4
Strong coding skills in multiple common languages such as C#, Python, Ruby, Perl, Go, PHP and SQL and working knowledge of network and web related protocols TCP/IP, UDP, IPSEC, HTTP/S and BGP
Identify and remediate XSS, CSRF, SSRF, RCE and other attack surfaces
Security compliance regimes: NIST, PCI-DSS, ISO 27000, CIS, etc.
Background in J2EE, web frameworks, and .NET is a plus
Requirements
Must be able to obtain a Public Trust Clearence.
Experience
Hands-on experience working with application security in the realms of smoke testing, error handling, static code analysis, pre commit hooks, attack mapping, container security, continuous monitoring, authentication, session management and dependency mapping as well as penetration test tooling like Burp Suite, Metasploit and WebInspect
Vulnerability Management, Threat Vector Analysis, Intrusion Detection and Prevention, Incident Management and Response, Web Application Security, Risk Assessment and Mitigation Methodologies
Proficiency in building and automating efficient and effective scripts from scratch with languages such as Python, Node.js, sh, Perl, etc.
Experience applying knowledge of information security concepts and theories through technical and non-technical methods.
Solid understanding of cyber security threats, risks, vulnerabilities, and attacks, giving insight into threat actor motives, capabilities, and techniques.
Experience with WebInspect, AppScan Source, Fortify, Veracode, Sonatype or Blackduck platform
Knowledge of tools and processes used to expose common vulnerabilities and implement countermeasures is expected.
Expectations
© 2022 Evurge Designs. Created by MLof Designs