Requirements
Mandatory:
A minimum of four (4) years of experience managing application security, including the following skills:
- Intrusion detection and response in a three-tier web application environment, including web servers, Java application servers, and Oracle databases, minimum three (3) years experience
- Analysis of Java applications for security vulnerabilities, minimum three (3) years experience
- Analysis of network, application, and database logs for security vulnerability assessment and auditing, minimum three (3) years experience
- Use of application and systems vulnerability assessment tools and development of remediation recommendations based on the results of said tools, minimum two (2) years experience
The candidate must have professional experience working in a UNIX/Linux environment and must possess the technical skills necessary for managing and automating tasks in this environment. The candidate must be able to provide both technical and executive-level assessment reports on a routine basis. The candidate must be able to work independently and be self-motivated while communicating regularly with supervisors and team members.
Desirable experience includes:
- Development and support of incident handling plans which include IT and non-IT staff
- GIAC Gold or Platinum and/or CISSP certification
Duties: Responsible for the implementation and maintenance of the operating environment, including network firewalls, application firewalls, intrusion detection sensors, and compromised-host detection (e.g. trip wiring). Testing and review of applications for sensitivity to application-related security vulnerabilities, e.g. cross-site scripting or SQL injection.
Hours: The Security Administrator will be required to work 35 hours per week for not less than 48 weeks per year for the life of the project.
Start Date: May 21, 2007 or upon award by the Office of the State Comptroller (OSC), whichever is later.
Experience: Tasks and Deliverables:
- The consultants will be responsible for developing and maintaining all software and system components required by the Prescription Drug Price Website Project including tasks related to application and data analysis, data access, data structures, data manipulation, production infrastructure implementation, administration, and maintenance, design and development of ETL processes, testing, debugging, implementation and documentation of the Prescription Drug Price Website System.
- The consultants will be responsible for following all Department security and technical policies and standards.
- The consultants will meet or have conference calls with appropriate staff to develop plans for enhancements, fixes, and maintenance of the Prescription Drug Price Website.
- The consultants will be responsible for developing all software development and system artifacts.
- The consultants will be responsible for following the Rational Unified Process for software development and for using the IBM Rational tools for software development tasks.
To apply for this job, go to http://www.GadBall.com