Roles & Responsibilities
This position is for a Web Security Specialist for the McAfee Consumer team. The Web Security Specialist will primarily be involved in performing information security assessments of web-based applications, including threat modelling, penetration testing, static and dynamic analysis of web-based applications, code reviews, and developing tools and automation for security testing. The specialist will provide insights into issues by identifying which flaws can be exploited to cause business risk. It is a unique and challenging role that calls for a strong passion for security, technology and quality, while providing an immense opportunity to design and develop wide-reaching tools that will help in these efforts. The candidate should have experience in analyzing highly scalable, high-performing web/cloud-based systems. The candidate should be an expert in this field and be able to drive web/cloud security proactively for the team. The security specialist will be responsible for driving security best practices within the teams and for leading efforts to educate the development teams on secure development practices. They will also be responsible for inspecting and verifying all the web/cloud-based applications in the Consumer teams. They will also be responsible for ensuring that security practices are followed by every team as per the secure development lifecycle, and for preventing security vulnerabilities in the systems and applications being developed by the Consumer teams.
Desired Qualification & Experience
- Bachelor's/Master's degree in Computer Science & Engineering.
- 8+ years of relevant web and mobile security experience, including security assessments, source code analysis, application security vulnerability research, and vulnerability management, mitigation and remediation.
- Hands-on experience in performing security assessments of web-based applications including threat modelling, vulnerability assessments, and penetration testing.
- Knowledge of current information security threats.
- Knowledge of security bug classification frameworks such as CVSS and DREAD, and experience applying security bug classification methods.
- Development and/or vulnerability testing experience with web frameworks.
- Experience with vulnerability scanners, as well as with web application testing tools such as Burp, OWASP ZAP, Nessus, Nmap, NeXpose, Metasploit, Wireshark, IBM Rational AppScan.
- Experience with Open Web Application Security Project (OWASP) and Open Source Security Testing Methodology Manual (OSSTMM) methodologies and tools.
- Experience with software development programming languages such as ASP.NET, C#, Perl, Python, PHP.
- Deep knowledge of Microsoft .NET including XML, LINQ, Multithreading, Asynchronous, Parallel Programming.
- Ability to develop POCs to demonstrate security issues.
- Passion to work with demanding architects on complex systems.
- Good understanding of coding best practices and standards.
- Experience in speaking or presenting at national and international security conferences and events, or equivalent thought leadership activities.
- Excellent communication skills, including experience conducting presentations to senior management, are a must.
- Experience in providing technical oversight to other project team members to maintain engagement quality.
- Experience in mentoring and coaching staff, and ability to lead teams under demanding circumstances to accomplish project team objectives.
- Good understanding of PCI security guidelines and rules.
- Experience working with organizations to set up and manage PCI-compliant systems and applications.
- Certifications: CEH, CISSP, OSCP/OSCE and SANS (Gold) are preferable.
- Agile model (Scrum) understanding & experience.
- Ability to work independently with a team of engineers locally and peer teams abroad with minimum guidance.
- Experience in PSIRT.
- Experience in providing training or mentoring.
- Working knowledge of cryptography.
Nice to have skills
- Exposure to Mobile App Development, HTML 5, CSS3.
- Exposure to Big Data technologies (Hadoop, MapReduce, HBase etc.) and cloud technologies.
- Exposure to Java, JSP, Tomcat.
- Experience in creating CVSS