Friday, May 22, 2009
Security Applications Developer in New York, NY
Friday, May 22, 2009
After building a reliable application security presence at our organization, we are ready to grow and jump on many new and interesting initiatives. Under the direct supervision of the Applications Security Manager, this role will be working with the application security team, solution designers, and technical architects to implement security practices into applications that the organization builds and buys. This position is responsible for research on issues that affect information security and the privacy of internal employees and consumers, including intrusions on consumer privacy and the effect of new technologies on privacy. Beyond this, application security is working on many new initiatives so this position will be working on many new and exciting ideas. Primary Responsibilities: Work with business units and IT business analysts to map high-level security, and privacy needs into requirements. Perform various security activities for development projects such as security design reviews and blackbox/graybox security assessments. Help clients mitigate security related risks by providing alternative recommendation and guidance through completion. Configure and employ various security testing software and apply results to security analysis. Code and demonstrate proof-of-concept exploits of identified vulnerabilities. Coordinate efforts of various Application Development teams in planning, execution, and mitigation of identified vulnerabilities. Work with Legal Compliance Counsel to support initiatives critical to the organization's information privacy practices. Perform formal company-wide IT Data Privacy Risk assessments, including data mapping to identify and remediate risks to employee and consumer Personally Identifiable Information (PII). Develop best practice tools and methodologies for privacy policy assessment and awareness training to IT application developers.Secondary Responsibilities: Continually work on improving existing processes or creating brand new security services/activities/processes that can help the company. Work to draft and continually improve policies to meet security and privacy standards that meet regulatory requirements, industry best practices, and risk management strategies. Conduct research and present analysis on customer-specific issues concerning the use of data and/or technologies and impact on the client's ability to uphold Fair Information Practices (FIP). Provide input on the company's position regarding issues discussed at security/privacy committee initiatives. Experience: 2 - 4 years professional experience 1 year minimum application security experience (confidentiality, authenticity, integrity, privacy) 1 year minimum experience in penetration testing at the application layer and using vulnerability scanning tools (AppScan, AppDetective, WebInspect, Nessus) 1 year minimum experience as an object oriented developer (JAVA and .NET preferred), with an extensive understanding of secure software Thorough understanding of secure software development and coding practices for Java development, application security, and privacy Working knowledge of UNIX/Solaris, Windows OS family, and network security technologies Experience with CVS and IntelliJ preferred Effective communication skills to work with various clients (business, development, compliance, etc.) to understand and document requirements Strong work ethic Strong problem-solving skills BS required in CS, CE or EE *This position is open to U.S. Citizens or permanent residents/green cards.* To Apply to this job go to http://www.GadBall.com or click here