January 20, 2014

{Job Junction} Urgent requirement for the position of .Net Application Security Engineer @ Washington/DC

Please send me profile on my id vijay@rgtalent.com
Hi,

Currently, I am recruiting candidates for one of my requirements, as mentioned below. If you have a matching profile, please send me the updated resume along with contact details at the earliest.

 

Job Title: .Net Application Security Engineer

Project Location: Washington DC

Duration: 6 months / Contract

 
Skills Required and Job Description:

MOI:- Telephonic + Skype

Candidates must be able to pass a criminal and financial background check


Position Description:
 

The key responsibilities of this position are to carry out the agency's security engineering program.  This includes vulnerability detection, verification, and mitigation in applications and databases via dynamic and static testing, building an AppStore of application security components, and creating demonstrable examples.

Education and Experience:  

  • B.S. in Information Security, Computer Science, or related field.
  • Extensive knowledge and 7+ years of hands-on experience in .net technologies and .net security.
  • Extensive software development experience using Microsoft.Net technologies (ASP.net, C#, MVC4, Entity Framework, etc.)
  • Very proficient in identifying, verifying, and mitigating security vulnerabilities in Web applications, SOA/Web Services, databases, application source code, and configuration files.
  • Extensive experience in application and database level vulnerability scanning and penetration testing.
  • Extensive experience in performing secure code review for Microsoft .Net based applications.  Must be able to look at application source code, find its security vulnerabilities (OWASP TOP 10, XSS, SQL Injection, XML injections, etc.) and recommend remediation strategies with code samples.
  • Able to demonstrate to developers how to use the application security components to mitigate security vulnerabilities in applications, services, and databases.
  • Able to build and manage a component repository using open source software such as Subversion

 Required Skills and Competencies:

 Extensive knowledge and 7+ years of hands-on experience in .net technologies and .net security.

  • Extensive knowledge and 7+ years of hands-on experience with .Net technologies, such as ASP.net, C#, AJAX, jQuery, Web Forms, MVC4, and WCF.
  • Extensive knowledge and 7+ years of hands-on experience in securing .Net applications, including mobile and Cloud based applications, and SQL server.
  • Extensive knowledge of best practice and design patterns to secure .Net based applications, including mobile and Cloud based applications, and SOA services.

 In-depth knowledge and extensive hands-on experience in static analysis techniques, tools, and best practice.

  • In-depth knowledge of .Net technologies and languages, such as C#, ASP.net, MVC, LINQ, and be able to define coding and configuration standards and best practice.
  • In-depth knowledge of scripting languages used in Web applications and Databases, such as JavaScript, HTML, and Transact-SQL.
  • Very proficient in identifying and verifying security vulnerabilities in Web applications, SOA/Web Services, databases, application source code and configuration files using static analysis tools, such as AppScan Source Edition.  Hands-on experience with the AppScan Source is required.
  • Very proficient in identifying and building application security components and creating demonstrable examples of how to use these components to mitigate vulnerabilities in applications, services, and databases. 
  • Solid understanding of top application, service, and database level vulnerabilities.
  • Solid understanding of common structure and security weakness in typical Web applications, mobile applications and systems, SOA/Web Services, and Cloud based services.
  • Knowledge of ColdFusion, PHP, and Perl is a plus.

 In-depth knowledge and extensive hands-on experience in dynamic analysis techniques, tools, and best practice.

  • Knowledge of the process, techniques, and technology used in vulnerability scan and penetration testing against applications, services, and databases.
  • Considerable hands-on experience with commercial vulnerability scanning tools for applications, services, and databases.
  • Considerable hands-on experience with popular free and/or Open Source application level security scanners, penetration testing and proxy tools.
  • Hands-on experience in performing manual penetration testing against Web applications, Web Services, LDAP, database, and mobile applications.
  • Solid understanding of top application, service, and database level vulnerabilities.
  • Solid understanding of top vulnerabilities for mobile, SOA, and cloud based applications and systems.

 Very proficient in identifying or building application security components and creating demonstrable examples of how to use these components to mitigate vulnerabilities in applications, services, and databases for .Net.

Proficient with security architectural principles.

 Knowledge of Red Hat Linux, Ubuntu KVM, Windows, and VMware server and workstation, and can create and maintain virtual machine images for vulnerability scanning and penetration testing.

 Proficient in building and managing a component repository using open source software such as Subversion or CVS.

 Ability to communicate effectively with all levels of management and staff both orally and in writing, sufficient to develop and deliver briefings, project papers, status reports, and correspondence to report security vulnerabilities and their impact, show the benefits of vulnerability testing and code review, foster understanding, and promote the acceptance of the agency security engineering program. 

 Skill in communicating orally and in writing with co-workers, technical and administrative personnel, and managers who are not security professionals. Further, the position must have the ability to translate security technical concepts into terms that can be understood by employees who are not security professionals.

 Highly ethical, analytical, team-oriented, flexible, inquisitive, and logical.

 Strong sense of urgency with ability to multi-task, take initiative and follow-through.

 Ability to be organized and methodical, and work well under pressure.

 Proficiency with the Microsoft Office suite of products, (i.e., Word, Excel, PowerPoint).

Desired Skills:  

Proficient in identifying application security components and creating demonstrable examples of how to use these components to mitigate vulnerabilities in applications, services, and databases for Java.

Proficient in MS-SQL administration.

Proficiency with federal government security and privacy guidelines and mandates, such as NIST 800-53. The candidate has prior experience in translating government mandates and regulations into system requirements and specifications. 

Hands-on experience in performing security risk assessment (SRA) in compliance with NIST 800-30 and USDA guidelines.

Proficient with secure design patterns.

Ability to use consensus building, negotiation, coalition building, and conflict resolution techniques sufficient to establish and maintain effective communication channels with multiple stakeholders and teams.

 Good at providing security services to multiple teams, and be able to interact appropriately in highly charged emotional situations.  Must be able to justify and defend matters involving significant or sensitive issues.  Skill in effectively working with personnel and managers with divergent educational and cultural backgrounds. 

 

 

Thanks & Regards,

Vijay Saraswat

Technical Resource Specialist

RG Talent Inc

39120 Argonaut way
Suite # 157, Fremont CA 94538

Phone: 510-443-0758 Ext - 124

Fax No: 510-952-4633

Email: vijay@rgtalent.com / Gmail: vijay.rgtalent@gmail.com

URL : www.rgtalent.com 

yim /G talk --> vijay.rgtalent

 

 

In my absence please contact Rugen Nagar at the following address rugender@rgtalent.com

 

Disclaimer: Under Bill s. 1618 Title III passed by the 105th U.S. Congress this mail cannot be considered spam as long as we include a way to be removed from our mailing list. Simply send us an e-mail at remove@rgtalent.com and we will gladly REMOVE you from our mailing list

 

 

--
--
All Job Openings : http://groups.google.com/group/jobjunction/topics?hl=en
You received this message because you are subscribed to the Google
Groups "Job Junction" group.
Send us your resume to jobjunction.global@gmail.com, we will post you updated openings.
To post to this group, send email to jobjunction.global@gmail.com
To unsubscribe from this group, send email to jobjunction+unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/jobjunction?hl=en