Description
My client are looking for an experienced IBM - Application Security consultant for a 4 month contract based in Belgium
The successful candidate will perform application security assessments, code reviews, and Software Development Life Cycle (SDLC) security consulting in a customer environment. The candidate will be responsible for identifying specific and systemic security issues within applications and the application development and life cycle maintenance process, and will also be a resource for the client in establishing and expanding the base of client knowledge in the area of application security.
Projects may include:
Performing application vulnerability and security assessments
Performing application security risk assessments
Performing code review across a variety of programming languages
Performing assessments of SDLC processes
Developing testing scripts and procedures
Developing and delivering application security training and outreach
Creating gap analysis and client improvement program recommendations
Other security-related projects that may be assigned according to skills
Candidates must have demonstrated experience in successfully completing tasks and delivering professionally written reports for clients. Must have the ability to present findings to technical staff and executives.
A successful candidate will likely possess some or all of these qualifications as well:
Experience with web application development (eg, ASP.NET, ASP, PHP, J2EE, JSP) Application security experience with high level programming languages (eg, Java, C, C++, .NET (C#, VB)
Experience leading software development projects
Experience with threat modelling and security risk assessment
Experience with vulnerability scanning tools (eg, Qualys, Nessus, Nexpose, Saint)
Experience with web application vulnerability scanning tools (eg, IBM AppScan, HP, Webinspect, Accunetix, NTO Spider, Burpsuite Pro)
Experience with static analysis tools (eg, IBM Appscan Source, HP Fortify) Familiarity with interactive and automated penetration testing
Required Professional and Technical Expertise:
Experience in Application Security
Experience in IT and/or software development
Basic knowledge in common application code review methods and standards
Basic knowledge in application development and coding in modern languages
Basic knowledge in OWASP tools and methodologies
Basic knowledge in and understanding of HTTP and web programming
Basic knowledge in common enabling application security requirements
Basic knowledge in standard Software Development Life Cycle (SDLC) practices
Readiness to travel in Europe.
English: Fluent
Preferred Professional and Technical Expertise
Bachelor's Degree in Information Technology
Experience in Application Security
Experience in IT and/or software development
Certified in CISSP, CEH, and/or CSSLP