top of page

构建解决方案,一步到位

Security Software Engineers

概括

Evurge Solutions is seeking is a Security Software Engineer with the following experiences and requirements to test, advise and consult on application security for internal and external web systems and applications.

  • Verify findings as needed with application development team

  • Perform manual source code review for security vulnerabilities

  • Write formal security assessment report for each application

  • Perform bug hunting/penetration testing, threat modeling, risk analysis and thorough reporting to Security, Dev and Ops teams

  • Identify and remediate XSS, CSRF, SSRF, RCE and other attack surfaces

  • Demonstrated ability to meet deliverables, timetables, and deadlines.

  • Knowledge of current and emerging security and information technology standards and practices.

  • Experience conducting vulnerability assessments and articulating security issues to technical and non-technical audience.

  • Other activities to ensure performance and the information security program

职位类型

Full-time

地点

Chantilly, VA

资格

  • Understanding of web service technologies such as XML, JSON, SOAP, and REST

  • Thorough understanding of security methodologies and frameworks like SSDLC, MITRE ATT&CK, NIST CSF and OWASP Testing Guide v4

  • Strong coding skills in multiple common languages such as C#, Python, Ruby, Perl, Go, PHP and SQL and working knowledge of network and web related protocols TCP/IP, UDP, IPSEC, HTTP/S and BGP

  • Identify and remediate XSS, CSRF, SSRF, RCE and other attack surfaces

  • Security compliance regimes: NIST, PCI-DSS, ISO 27000, CIS, etc.

  • Background in J2EE, web frameworks, and .NET is a plus

要求

  •  Must be able to obtain a Public Trust Clearence.

经验

  • Hands-on experience working with application security in the realms of smoke testing, error handling, static code analysis, pre commit hooks, attack mapping, container security, continuous monitoring, authentication, session management and dependency mapping as well as penetration test tooling like Burp Suite, Metasploit and WebInspect

  • Vulnerability Management, Threat Vector Analysis, Intrusion Detection and Prevention, Incident Management and Response, Web Application Security, Risk Assessment and Mitigation Methodologies

  • Proficiency in building and automating efficient and effective scripts from scratch with languages such as Python, Node.js, sh, Perl, etc.

  • Experience applying knowledge of information security concepts and theories through technical and non-technical methods.

  • Solid understanding of cyber security threats, risks, vulnerabilities, and attacks, giving insight into threat actor motives, capabilities, and techniques.

  • Experience with WebInspect, AppScan Source, Fortify, Veracode, Sonatype or Blackduck platform

  • Knowledge of tools and processes used to expose common vulnerabilities and implement countermeasures is expected.

期望

contactus@evurge.com

Tel: 240-770-5360

8181 Professional Place STE 160 Hyattsville. MD 20785

© 2024 Evurge Solutions. Created by MLof Designs

bottom of page