Foundstone Application Security Consultant - WAPT

Location: Flexible

About the Role:

Just finished up submitting a vulnerability you found to a bug bounty program? Is the single quote key worn down on your keyboard? Then you should know Foundstone is hiring! Our web application hackers speak SQL and make the DOM beg for mercy. As part of Foundstone's elite team of penetration testers you'll find yourself owning some of the most complex and mission critical web applications. Spanning across every vertical market, our clients' applications will test your skills and creativity on a daily basis. You like a challenge? You got one!

Foundstone Application Security Consultants also have significant experience reviewing a wide variety of software including portals, e-commerce sites, financial services and health care applications, and desktop and developer software. Candidates will work with Foundstone's Software & Application Security Services (SASS) Team. This full-time position is a great opportunity for someone with strong software development and penetration testing skills.

Key Responsibilities:

- Perform Web Application Assessments
- Carry out Web Services Assessments
- Application Reverse Engineering

Required Experience/Skills & Education:

- Conduct web application security assessments and penetration tests. These are very systematic assessments which are done using the Foundstone proprietary methodology. The assessments involve manual testing and analysis as well as the use of Foundstone proprietary & commercial automated web application vulnerability scanning/testing tools.
- Assess applications for issues surrounding Authentication, Authorization, User management, Session management, Data validation, including all common attacks such as SQL injection, Cross-site scripting, Command injection, Error handling, Auditing and logging.
- Assess the security aspects of Web Services design and implementation, including confidentiality, integrity, trust relationships, and authentication using security standards like XML signatures, XML encryption, SAML, and WS-Security.
- Knowledge of tools such as Fiddler, Paros, Burp, Sqlmap, Nikto, Nmap, Openssl, Mallory, Echomirage, Wireshark etc.
- Write formal security assessment reports for each application, using the Foundstone standard reporting format.
- Participate in conference calls with clients to perform initial data gathering and a follow-up advisory for technical issues.
- Publish whitepapers, tools and deliver presentations.
- Bachelor's or Master's degree in Computer Science or equivalent.
- Willingness to travel 25-50%.

Preferred:

- Web application development experience in any of the major languages such as C#, Java, PHP, ASP.NET etc. is a plus.
- Knowledge of other languages such as Python, JavaScript, Ruby, Perl, SQL etc. is desired.
- Mobile application development, assessment (iOS, Android, Blackberry) experience.
- Thick client assessment or Binary analysis experience.
- Experience reviewing code in C, C++, Java, PHP, C#, ASP etc.
- Familiarity with automated source code analysis tools such as Fortify, Appscan etc.

McAfee is now part of Intel Security. With its Security Connected strategy, innovative hardware-enhanced security, and unique Global Threat Intelligence, Intel Security develops proactive, proven security solutions and services to protect systems, networks, and mobile devices for business and personal use all over the world. www.intelsecurity.com.

McAfee celebrates diversity! Male/Female/Disabled/Veteran/EEO/AA Employer.