This job ad has been posted over 30 days ago...



Application Security Consultant Full-time

at Intel Security in Banglore (Published at 21-10-2015)

Just finished up submitting vulnerability you found to a bug bounty program? Is the single quote key worn down on your keyboard? Then you should know Foundstone(Part of Intel Security) is hiring!

Our web application hackers speak SQL and make the DOM beg for mercy. As part of Foundstone’s elite team of penetration testers you’ll find yourself owning some of the most complex and mission critical web applications. Spanning across every vertical market, our client’s applications will test your skills and creativity on daily basis. You like a challenge? You got one!

McAfee Foundstone Application Security Consultants also have significant experience reviewing a wide variety of software including portals, e-commerce sites, financial services and health care applications, and desktop and developer software. Candidates will work with Foundstone’s Software & Application Security Services (SASS) Team. This full-time position is a great opportunity for someone with strong software development, secure code review and penetration testing skills.

Desired Skills and Experience
Total experience: 3 to 7 yrs
Location: Embassy Golf Link, Domlur- Banglore.


Specific tasks include (but not limited to):

Conduct web application security assessments and penetration tests. These are very systematic assessments which are done using the Foundstone proprietary methodology. The assessments involve manual testing and analysis as well as the use of Foundstone proprietary & commercial automated web application vulnerability scanning/testing tools.
Assess applications for issues surrounding Authentication, Authorization, User management, Session management, Data validation, including all common attacks such as SQL injection, Cross-site scripting, Command injection, Error handling, Auditing and logging.
Assess the security aspects of Web Services design and implementation, including confidentiality, integrity, trust relationships, and authentication using security standards like XML signatures, XML encryption, SAML, and WS-Security.
Conduct manual and automated secure software code reviews
Ability to identify detrimental software security problems and ability to assess code for semantic and language security bugs
Experience configuring static source code analysis tools such as Fortify, Appscan etc.
Experience reviewing Spring MVC, Struts, Hibernate, jQuery code etc.
Write formal secure code review reports for each application, assessment using Foundstone’s standard reporting format
Knowledge of tools such as Fiddler, Paros, Burp, Sqlmap, Nikto, Nmap, Openssl, Mallory, Echomirage, Wireshark etc.
Participate in conference calls with clients to perform initial data gathering and a follow-up advisory for technical issues.
Publish whitepapers, tools and deliver presentations
Bachelor’s or Master’s degree in Computer Science or equivalent
Any of the following skills are a plus

Knowledge of scripting languages such as Python, JavaScript, Ruby, Perl, SQL etc. is desire
Source Code review in Java or .NET
Mobile application development, assessment (iOS, Android, Blackberry) experience
Thick client assessment or Binary analysis experience
Certifications such as CISSP, GSEC or CEH is a plus

About this company:
Intel Security: McAfee is now part of Intel Security. With its Security Connected strategy, innovative approach to hardware-enhanced security, and unique Global Threat Intelligence, Intel Security is intensely focused on developing proactive, proven security solutions and services that protect systems, networks, and mobile devices for business and personal use around the world. Intel Security is combining the experience and expertise of McAfee with the innovation and proven performance of Intel to make security an essential ingredient in every architecture and on every computing platform. Intel Security’s mission is to give everyone the confidence to live and work safely and securely in the digital world.

Note: Applications have been closed.

Recent jobs at Intel Security

Viewed: 2294 times
« Go back to category
Is this job ad fake? Report it!   
Recommend to a friend