[Dshield] Internet Web Application Security Analyst Position

Carl Schumacher CSchumacher at ElectronicSearch.com
Tue Mar 9 17:39:32 GMT 2004

I was hoping for a little help finding someone for a job we have open. We
looking for an "Ethical Hacker" type who is strong on the Internet
applications opposed to just a network security type. Spot is in a northern
suburb of Chicago. If you know anyone looking please send them my way. Here
is the spec.

Position:Internet Web Application Security Analyst
Location: Northern Suburbs of Chicago
Compensation: Based on Experience

Excellent skills in Application Auditing are required for this position. You
will analyze application-level security, as well as network level. We prefer
a candidate that has experience with Web and/or Java application analysis
and development, along with excellent Internet security experience. You will
also write exploits and do extensive penetration testing. "Ethical hacking"
skills are essential. This is a hands on, highly technical role. Other
responsibilities will include: Configuring, and securing UNIX, NT and Novell
networks (emphasis on UNIX and NT); Designing, integrating and administering
company-wide security policies; Evaluating, configuring, and installing
security-oriented software and hardware. Researching new security issues.
Designing, Monitoring and maintaining external network connectivity.

Technical skills required (in order of importance) :
* Application and Network level security analysis
* In-depth understanding of standard Internet protocols (FTP, HTTP, DNS,
* Experience in penetration testing
* IP network architecture/administration
* Web and/or Java Development skills a plus
* Experience with designing and implementing interconnected private,
semi-private, and public networks
* Inter-network connectivity and design
* Firewall design concepts
* Operating systems system hardening/lockdown
* Defining and enforcing best practices for network, server, and application
* Performing and preparing for security audits
* Protocol analysis and disassembly
* Proxy services, stateful inspection, application-level gateways, address
* Host-based, network-based, and distributed intrusion detection systems
UNIX skills a major plus; shell scripting, network configuration, tracing,
and troubleshooting; SCCS, programming languages (C, Java), performance
* Windows NT

Essential networking skills required:
* 7 layer approach (osi)
* Routing
* Firewalls
* HTTP and TCP
* Intrusion detection
* DNS configuration and troubleshooting
* Application load balancing

Functional skills required:
* Ability to work independently as well as with a team
* Project management
* Excellent analysis, problem solving and troubleshooting skills
* Highly organized, structure and procedure oriented
* Reliability and consistent track record of tenure with previous
* Risk vs. reward analysis
* Write secure code
* Excellent writing and communication skills

Experience and other requirements:
*A minimum of 5 -7 years demonstrated technical experience and strong
aptitude for Internet Network Security
*Experience in a large corporate technical environment is required.

BS/BA Computer Science, MIS or equivalent technical experience

Carl Schumacher
Technical Recruiter
Electronic Search, Inc.
(847) 506-2496
Fax: (847) 506-9999
Cschumacher at electronicsearch.com

If you do not want to receive
information from our company,
please reply with "unsubscribe"
in the subject line.

More information about the list mailing list