Web-based Application Security Engineer

Greetings All,

I am a recruiter. One of my candidates recommended this list as the best place to finde quality security software engineers. Please let me know if it is appropriate for recruiters to post to this list.

My client is a very early stage start-up located in Waltham, MA. They have about 5 employees. Just closed first round funding with Greylock Ventures and Commonwealth Capital.

I am trying to find:

Web-based Application Security Engineer

Job Description:
We are currently seeking a Senior Security Engineer with web-based application security experience. The candidate will lead the research and development of an innovative application security assessment technology. This technology will be used to locate and provide remediation of web-based application vulnerabilities at the source code level.

Required Skills:
· In depth knowledge of common application layer vulnerabilities such
as buffer overrun, privilege escalation, cross-site scripting attacks, SQL injection attacks, etc...
· Complete understanding of web-based application architectural design
and implementation.
· In depth knowledge of the languages and technologies used to build
web-based applications (e.g. HTML, Java, JavaScript, XML, ColdFusion, ASP, JSP, Perl, PHP, C#, J2EE, .NET Framework, etc.)
· In depth knowledge of information security and network engineering.
· Ability to/ and has performed Web-based Application security audits,
security code reviews, etc.
· A strong development background and has the capability to architect,
design and implement the technology.
· In depth knowledge of both theoretical and practical security
experience
· Provide leadership and direction of all facets of the technology
from it's inception to its implementation.
· Strong written and oral presentation and communication skills with
the ability to communicate to organizations inside and outside the company.

Desired Skills:
· Compiler technologies including lexical analysis and parsing.
· Internal knowledge of the language interpreters used in implementing
web-based applications
· Familiar with existing source code assessment tools and technologies
(e. g. RATS, ITS4, Splint, FlawFinder, etc.)
· Familiar with existing web-based application security testing tools
and technologies (e.g. Sanctum's AppScan and AppScan DE, Cenzic from Hailstorm, ScanDo
from Kavado, etc.)

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Feel free to contact me and thanks for any referrals.

Regards,

Paul Blumenfeld
High Tech Ventures
Office (617) 520-2127
Cell (617) 312-7632
Home Office (781) 316-1604
http://www.htventures.com Received on Wed Aug 6 13:36:51 2003