Required Skills

Security Engineer

Work Authorization

  • US Citizen

  • Green Card

  • EAD (OPT/CPT/GC/H4)

  • H1B Work Permit

Preferred Employment

  • Corp-Corp

Employment Type

  • Consulting/Contract

Education Qualification

  • UG: Not Required

  • PG: Not Required

Other Information

  • No. of positions: 1

  • Posted: 26th Nov 2020

JOB DETAIL


Security Engineer / Developer

Location: 100% Remote 

Duration: 4-6 month contract

Interview: Phone and video

 

Client has a security vulnerability program across the entire enterprise. This team will be working on 2-3 different projects, and the current Web Dev Team consists of 4 Developers and 2 QA Testers.

 

This role is more about security vulnerability assessment of web applications and working to prevent attacks than it is true Java development. They will need to develop within the WebSphere 9 Portal environment using Java 7/8, HTML, JavaScript and some JSF and jQuery, but this is heavy OWASP Top 10 Rules analysis: finding vulnerability issues within these rules and then coding to resolve or fix the issues that arose in the 10-15 different web app sites they have.

 

They will put all this in Jira and have daily meetings using a Kanban board.  Very little guidance and supervision, so they will need to have good experience and be able to figure this out as they don’t have anyone else on the team performing in this role to resolve this backlogged work. 

 

  • Enabling firewalls – working with the networking team to identify what should be blocked and what shouldn’t be. Currently have OWASP Top 10 rules in place and will have to find issues with these OWASP rules
  • Vulnerability scanning – static scans across the sites (on WebSphere), research vulnerabilities – what does it mean, what is the issue, is the fix industry standard or custom, develop/implement changes
  • Whitehat (external vendor) – perform static scans in their WebSphere Portal, then set up the portal environment, look for vulnerabilities and then develop to resolve the vulnerabilities they found
  • Enable and upgrade SSL versions (using Qualys) – this is at the bottom of the priority list as firewalls can be researched
  • Network configuration and server experience

 

Experience with:

Security vulnerabilities (web applications)

Static scanning

Vulnerability scanning and assessment – provide recommendations to resolve vulnerabilities

OWASP Top 10 Rules assessment

HTTP portal/headers/protocol

SQL Injections/JavaScript Injections

Whitehat (a huge plus)

Development tools – Java, HTML, JavaScript, JSF, jQuery

 

Interview Process:

1-step interview with the manager, a sec ops developer and a couple of people from the security team

Must be able to look at a vulnerability and walk them through what it’s telling them, what the solution is and how they would fix it

 

Job Description:

 

In this role the developers will be working to implement remediation in support of our vulnerability management program. This is a hands-on development role to update our web applications that have known security vulnerabilities. This work would include Java development in our WebSphere platform as well as HTTPS/TLS upgrades for several sites. They will also be working on WAF (web application firewall) rule configuration for all of our public-facing sites.

 

Qualifications:

Dev Must Have:

While in a developer role, experience supporting configuration and troubleshooting of firewalls for OWASP Top 10

Advanced understanding of HTTP headers and web security

Understanding of common web application security vulnerabilities

Java and Web development, 2-3 years of Java experience

Java 7/8, HTML, JavaScript, jQuery

Whitehat (strongly preferred)

 

Dev Nice to Have:

Knowledge of HTTPS TLS 1.2

Experience with WebSphere Portal and WebSphere Application Server

Exposure to Qualys and/or Veracode
