Application Security Consultant/MPT (2)
Job#: 127692
Posted: 01/26/2012
Job Type: Full Time
Location: Remote
Department: Security Consulting
Category: Customer Services
Salary: Commensurate With Experience
Benefits: Full Benefits

Job Description

Veracode is looking for a smart, energetic and motivated individual to add to our team of consultants. We are open to applicants at various career levels from mid-senior.

Key Responsibilities:

As a penetration tester on our team, you will:

  • Perform application penetration testing, vulnerability assessments and application source code review against custom built software applications on Internet-facing and native systems
  • Identify and exploit vulnerabilities in applications
  • Document technical issues identified during security assessments utilizing standard CWE and CVSS classifications
  • Research emerging security topics and new attack vectors
  • Work independently to meet customer and project deadlines
  • Interact with customers in a collaborative, consultative manner to deliver results, provide feedback and remediation recommendations on penetration testing findings
  • Leverage automated analysis techniques for efficient delivery of focused and comprehensive test formats

Required Knowledge/Skills/Abilities – All Applicants:

  • 2+ years of Professional Web-Application Development or Source Code Review Experience
  • Development experience with multi-tiered Internet applications
  • Understands web architecture and protocols (HTTP(S), TCP/IP, ARP, SMTP, DNS, etc)
  • Development and/or source code review experience in C/C++, C#, VB.NET, ASP, PHP, and Java
  • Understands how data flows through an application and connected components (SMTP, LDAP, Database servers)
  • Understanding of common software security issues and remediation techniques (OWASP top 10, SANS top 25, etc)
  • Familiar with common Windows commands and scripting
  • Familiarity with general application and network security concepts
  • Strong technical writing skills
  • Excellent teaming and communication skills

Senior Level Applicants:

All of the above, plus:

  • 5+ years of penetration testing in a consulting environment
  • 3+ years of source code review in a consulting environment
  • Familiar with OWASP Top 10 and CWE/SANS Top 25 classification systems
  • Familiar with profiling an application, identifying threats, and developing test cases to target identified threats
  • Familiar with developing proof-of-concept exploit examples to use within reports or live demonstrations
  • Familiar with documenting and communicating results that may be consumed by both developers and management-level audiences
  • Familiar with testing not only web applications, but natively compiled applications, mobile applications, and web services
  • Familiar with writing tools to aid in penetration testing
  • Familiar with using tools such as:
      • Intercepting proxies (e.g. Burp Proxy, Charles Proxy, Webscarab Proxy, Paros Proxy, etc)
      • Web Service Testing Tools (e.g. soapUI)
      • Disassemblers/Decompilers/Debuggers (IDA Pro, OllyDbg, WinDbg, jad, flare/flasm, SoThink SWF Decompiler, Firebug, etc)
      • IDEs (e.g. Visual Studio or Eclipse)

The following skills are not required from applicants but would be considered a plus:

  • University degree from an accredited college or university in Computer Science, Information Systems, Engineering or related major
  • Experience developing custom scripts or tools used for vulnerability scanning and identification
  • Consulting and/or project management experience
  • Unix, Windows, or networking security experience
  • Development and/or source code review in Flash/Flex and SharePoint Technologies
  • Development and/or architecture familiarity with mobile applications, specifically iOS, Android and Blackberry