• 5 years of relevant experience (8+ years preferred):
o Writing and reviewing code with colleagues, each with different priorities, backgrounds, and abilities in several of: PHP, MySQL, AJAX, Java, Python, HTML/JavaScript, Perl, Scala, Node.js, Ruby, C++, C#, SQL, Delphi, and/or .NET
o Unix or Windows shell scripting
o Black-box security testing, vulnerability scanning, and penetration testing
o Security code review
o Static Analysis Security Testing (SAST)
o Dynamic Application Security Testing (DAST)
o Mobile application security (iOS, Android, others)
o Threat/attack modeling
• Strong HTML/XHTML, JS and CSS skills preferred
• Experience developing in an Agile methodology desirable
• Solid administrative experience in both UNIX and Windows environments a plus
• Experience with web application firewalls preferred
• Experience with IDS/IPS signature development desirable
• Experience with crawlers, parsers, and web services a plus
• Experience in a highly technical, hands-on environment preferred
Knowledge, Skill, Abilities:
• Strong knowledge of secure development practices
• Deep knowledge of common web application vulnerabilities (e.g., XSS, CSRF, clickjacking) and their mitigation strategies
• Knowledge of system security vulnerabilities and remediation techniques
• Knowledge of network and web-related protocols (e.g., TCP/IP, UDP, IPsec, HTTP, HTTPS, routing protocols)
• Knowledge of security across multiple disciplines (data, database, operating system)
• Strong understanding of threat modeling and security methodologies
• Familiarity with protocol analysis methods and cryptography
• Excellent English communication skills
• Ability to interact professionally with senior leadership and articulate key messages to a range of technical and non-technical audiences
• High degree of self-sufficiency, ownership, and pride in deliverables
• Strong background in fundamental information security concepts required
• Strong analytical skills