Foundstone Security Consultant - Professional Services
Graduate job New York, United States IT development
Job description
Intel Statement:
Intel is in the midst of an exciting transformation, going beyond being a company that makes the world's best chips to one that also delivers wonderful experiences for people.
With help from talented employees like you, we will tightly integrate hardware, software and services into compelling experiences in pursuit of our mission, and utilize the power of Moore's Law to bring smart, connected devices to every person on Earth.
About this position...
Eyes tired because you were up all night digging through code to find a new vulnerability? Do you live and breathe application development but are curious about security? If you're up for working with a rock star team of security experts and love to be constantly challenged to think out of the box, Foundstone is for you!
Our software security team inhales assembly and exhales SDLC. As part of Foundstone's elite team of experts you'll find yourself hacking some of the largest and most depended upon applications. You'll come up with practical solutions to our client's most difficult problems and help them make security a top priority.
Candidate will work with Foundstone's Software & Application Security Services (SASS) Team. This full-time position is a great opportunity for someone with strong software code review skills. This is a highly technical hands-on role that will utilize your software development and secure code review skills.
Foundstone's capability in source code security assessments extends from our Software and Application Security Service (SASS) consultants, who have performed source code audits on numerous client applications, as well as their own software. Our SASS consultants worked as development practitioners on commercial enterprise software systems and understand the software development process, as well as why and how security bugs are introduced. Our experience combined with advanced automated tools using contextual analysis; enable us to look at a greater amount of code faster and more accurately.
What you will do...
Perform Embedded Systems and IOT Assessments
Perform Web Application Assessments
Carry out Web Services Assessments
Conduct Thick Client Assessments
Carry out Secure Code review Assessments
Reverse Engineer Software/Application
Test Hardware and Appliances for security vulnerabilities
Desired profile
Qualifications:
You must possess the below minimum qualifications to be initially considered for this position. Qualifications listed as preferred or additional will be considered a plus factor for applicants.
Minimum Qualifications:
1 to 3 years of hands-on development expertise in one or more of the languages such as C, C++, C#, VB.NET, Java, CFML, Perl, Classic ASP, LUA and PHP.
In-depth understanding of SDLC
Willingness to travel 25-50%
Additional Qualifications:
Experience testing appliances, hardware, IOT solutions, embedded systems etc.
Conduct manual and automated secure software code reviews
Ability to identify detrimental software security problems and ability to assess code for semantic and language security bugs
Experience configuring static source code analysis tools such as Fortify, Appscan etc.
Work within development frameworks, such as J2EE and the .NET framework
Experience developing or reviewing Spring MVC, Struts, Hibernate, jQuery code etc.
Write formal secure code review reports for each application, using Foundstone's standard reporting format.
Participate in conference calls with clients to perform initial data gathering and a follow-up advisory based on the type of the request.
Contribute to marketing materials (presentations, whitepapers, tools, etc.)
Preferred Qualifications:
Threat Modeling Experience
Mobile Apps Code Review (iOS, Android) Experience is desired
CISSP, CEH, GSEC or other certification(s) is a plus