Aug 27 2010

Certified Application Security Specialist in job description

Published by at 5:59 am under Hacking, Humor, Phishing, scams, etc.

Last year Rich Mogull and Jeremiah Grossman created a little-known certification, the Certified Application Security Specialist or Certified ASS.  To those in the know, or with the intelligence of the average house pet, it should be immediately obvious that this was an April Fool’s joke.  Funny, and it’s been a continuing joke throughout the community, but apparently someone took it seriously enough to actually include it in a job description recently on Craigslist.  And strangely enough, the link I had now leads to the scam page on Craigslist.  Luckily I had the foresight to grab a copy of the post before it disappeared.  What were these people thinking?  Don’t they know they’re supposed to save this sort of stuff for the beginning of April?  The full job description after the page break.

Tired of Coding? Become an Application Security Specialist! (san jose south)

We have an immediate opening for a junior application security specialist (ASS) to join our growing consulting company. This permanent, full-time position is a great opportunity for someone with strong web application development skills that would like to move into the interesting and fun field of application security. This is a highly technical hands-on role that will utilize your web application development skills but involves little coding.

We will provide the right candidate with on-the-job training. The goal will be to quickly teach you how to perform detailed web application security assessments (black-box) and penetration tests by pairing you up with seasoned consultants. We have plenty of interesting projects to work on, including a wide variety of web applications (financial, e-commerce, gaming, etc.) and web services. Longer-term, we will train you to perform security code reviews.

This is an opportunity for a team player who would like to move into a new and exciting field, is ready to get started quickly, and is eager to learn some new skills and have fun while doing so.


Primary Job Duties
• Conducting web application security assessments and penetration tests. These are very systematic assessments which are done using our proprietary methodology, which we will train you on. The assessments involve manual testing and analysis as well as the use of automated web application vulnerability scanning/testing tools.
• Performing source code reviews using automated tools such as Fortify or AppScan Source Edition (Ounce) and/or manual analysis.
• Writing a formal security assessment report for each application, using our company’s standard reporting format.
• Participating in conference calls with clients to review your assessment results and consult with the clients on remediation options.
• Retesting security vulnerabilities that have been fixed and republishing your report to indicate the results of your retesting.
• Participating in conference calls with potential clients to scope out newly requested security projects and estimate the amount of time required to complete the project.

Work Location
Our company is headquartered in San Jose, California. The majority of work will either be done from our corporate office or will involve driving to client locations throughout the Bay Area. Some of the work will involve travel.

Technical Skills
• Several years of experience developing web applications, preferably hard-core financial, e-commerce, or business applications that face the Internet. (required)
• Knowledge of the HTTP protocol and how it works.
• Experience performing web application security testing and using vulnerability testing tools. (preferred, but we will train the right person)
• Experience with web application firewalls (preferred, but we will train the right candidate)
• Experience with network-level penetration testing (nice to have, but not necessary)

Soft Skills
• Solid written and verbal communication skills.
• Willingness to do hands-on, highly technical work.
• Strong customer focus. The goal should be to make customers happy enough that they ask for you to be sent back to do more work for them.
• Desire to learn new things and become a participant in the local information security community.
• Honesty and integrity.

Other Requirements
• Must undergo criminal background check and drug testing.
• Flexibility to work odd hours at times. For the most part this is a Monday-Friday 8:00 to 5:00 job, but sometimes customers require us to do certain work during weekends or off-hours.

Job Benefits
• Competitive salary including performance incentives
• Reasonable work hours compared with most information consulting firms. We expect employees to work hard and produce results, but we also understand that our employees have a life outside of work and are not a 60 hour per week body shop.
• Company sponsored medical and dental insurance
• Company sponsored training programs and career growth opportunities
• Company sponsored industry certifications necessary for your position (such as CISSP, CEH, etc.).
• You’ll be part of a closely-knit team of dedicated employees.
• Your choice of beer (at the end of the workday)

If you think you’re the right person for this challenging and fun career opportunity, please reply with your resume.
