Web Application Security Consultant, Java (Filled)

US - Virtual
Position Reference Number:
$70-85 per hour
Relocation Package: No
Job Type: Contract
Required Education: BA/BS, Masters Preferred

Job Description

SecurityRecruiter.com's Application Security focused partner has developed a strong track record of delivering web application security consulting services to its clients in the banking and financial services industries. As a result of delivering exceptional service, they've been invited to provide additional services and the team needs to grow by adding both full-time and 1099 contract application security professionals. We're seeking full-time and 1099 contract lead consultants to lead and participate in delivering web application security consulting services.

Our client's team is made up of highly seasoned software engineering professionals who have 20-30+ years of total software engineering / software development experience. Much of that experience includes building large Java enterprise applications for major companies. This team has created a delivery track record that causes clients to invite them back for add-on projects.

In this role, a consultant will perform application security assessments through both on-site and off-site engagements. The consultant will lead small review teams and will consult on threats and mitigation approaches. Most work will be done in a work from home or telecommute fashion. Travel for the team in 2009 averaged 20% or less. When travel occurs, it will happen on weekdays. Consultants will be home on weekends.

Job Requirements

A BS in math, computer science or engineering discipline is preferred. Education at the Masters level is appreciated. Certifications to include the CISSP, CSSLP, EC-Council E|CSP and/or SANS, GIAC Secure Software Programmer - Java (GSSP-JAVA) are highly appreciated.

A consultant must demonstrate the following:

- Deep understanding of web application security threats, risk models and tools.
- Experience with static analysis with Fortify (preferred) or IBM Ounce Labs tools. Candidates who do not have Fortify or Ounce Labs but have open source or competing tool experience will be considered.
- Dynamic analysis, manual source code review, architectural review.
- Deep technical background that includes Java enterprise application technology.
- Strong customer presentation and communication skills.
- Experience leading small technical teams and managing projects.
- Background in helping clients to build security into their software development processes.

The consultant must be able to read and understand Java code, APIs and architecture (JSP, Servlet, EJB, Hibernate, Struts, Ant, etc.). A multi-year prior Java programming background is strongly preferred.

Desired Skills

A background that includes Microsoft application technology is appreciated (.NET, classic VB and ASP).