US Citizen
Green Card
EAD (OPT/CPT/GC/H4)
H1B Work Permit
Corp-Corp
Consulting/Contract
UG: Not Required
PG: Not Required
No. of positions: 1
Posted: 26th Nov 2020
Security Engineer / Developer
Location: 100% Remote
Duration: 4-6 month contract
Interview: Phone and video
Client has a security vulnerability program across the entire Enterprise. This team will be working on 2-3 different projects, and the current Web Dev Team consists of 4 Developers and 2 QA Testers.
This role is more about security vulnerability assessment of web applications and working to prevent attacks than it is true Java development. They will need to develop within the WebSphere 9 Portal environment using Java 7/8, HTML, JavaScript and some JSF and jQuery, but this is heavy on OWASP Top 10 rules analysis: finding vulnerability issues within these rules and then coding to resolve or fix the issues that arose in the 10-15 different web app sites they have.
They will put all this in Jira and have daily meetings using a Kanban board. There is very little guidance and supervision, so they will need to have good experience and be able to figure this out on their own, as they don’t have anyone else on the team performing in this role to resolve this backlogged work.
Experience with:
Security vulnerabilities (web applications)
Static scanning
Vulnerability scanning and assessment – provide recommendations to resolve vulnerabilities
OWASP Top 10 Rules assessment
HTTP portal/headers/protocol
SQL Injections/JavaScript Injections
Whitehat (a huge plus)
Development tools – Java, HTML, JavaScript, JSF, jQuery
Interview Process:
1-step interview with the manager, a sec ops developer and a couple of people from the security team
Must be able to look at a vulnerability and walk them through what it’s telling them, what the solution is and how they would fix it
Job Description:
In this role the developers will be working to implement remediation in support of our vulnerability management program. This is a hands-on development role to update our web applications that have known security vulnerabilities. This work would include Java development in our WebSphere platform as well as HTTPS/TLS upgrades for several sites. They will also be working on WAF (web application firewall) rule configuration for all of our public-facing sites.
Qualifications:
Dev Must Have:
While in a developer role, experience supporting configuration and troubleshooting of firewalls for OWASP Top 10
Advanced understanding of HTTP headers and web security
Understanding of common web application security vulnerabilities
Java and Web development, 2-3 years of Java experience
Java 7/8, HTML, JavaScript, jQuery
Whitehat (strongly preferred)
Dev Nice to Have:
Knowledge of HTTPS TLS 1.2
Experience with WebSphere Portal and WebSphere Application Server
Exposure to Qualys and/or Veracode