The Volgenau School of Information Technology and Engineering

GRADUATE JOB OPPORTUNITIES

SOFTWARE ENGINEER II – SOFTWARE SECURITY
Position available at College Board in Reston, VA
Job ID: DB20091102-18537
https://careers.collegeboard.com/viewjob.html?optlink-view=view-1943&ERFormID=newjoblist&ERFormCode=any


POSITION SUMMARY
To participate in the implementation of software security processes, tools, and technical solutions in order to improve the quality and security of College Board products. The Software Engineer will be deeply involved in security-driven assessments of College Board products utilizing automated and manual techniques.


ESSENTIAL FUNCTIONS/RESPONSIBILITIES
• Evaluate new and existing security standards, tools and solutions.
• Participate in documenting processes and technologies that support secure software development practices.
• Participate in maintaining a security API used by College Board applications.
• Support developers in the areas of secure coding practices, vulnerability assessments, and remediation.
• Stay current with emerging software security technologies, industry trends, and attack vectors, with a primary focus on internal reference architecture and security standards.
• Operate and customize code scanning and review tools.
• Participate in secure code reviews of College Board applications.
• Participate in security incident response.

PRINCIPAL RELATIONSHIPS
Internal Contacts:
Maintains regular contact with staff in own department for the purpose of coordinating activities, scheduling, and collaborating to produce work. Participates in supervising staff, consultants, and vendors and contributes to decisions regarding selection or evaluation.

External Contacts:
Maintains contact with members, customers, vendors, and other business-related outside parties. These contacts have an impact on the image, reputation and/or business or operational well-being of The College Board.

DETAILED RESPONSIBILITIES

Work with IT Groups to define, develop, socialize and execute a long-term application security roadmap, including:
• Conduct in-house code reviews, static analysis and dynamic analysis on software products.
• Conduct manual and automated security testing of College Board applications.
• Perform day-to-day operations of static analysis tool and IDE plug-in support.
• Assist with the remediation of security vulnerabilities found via code scanning, manual inspection, and penetration testing.
• Help review static analysis tool findings with product teams and other IT stakeholders; participate in manual code inspections.
• Review dynamic analysis tool findings and identify sources of problems with product teams and other IT stakeholders.
• Maintain common security API used by College Board software products.

MINIMUM QUALIFICATIONS

Education/Experience
• Bachelor’s Degree in a related field plus additional related college courses or professional training.
• Four to seven years of progressively responsible directly-related experience.

Related Skills & Other Requirements:
• Strong and evolving competence in several programming languages and technologies; mastery of one or more tool sets, technologies and implementation environments.
• Advanced knowledge of programming languages, relational database management systems, networking technology, multiple desktop operating systems and multiple server operating systems.
• Understanding of modern software engineering principles and practices.
• Strong customer service orientation.
• Strong problem solving and analytic skills.
• Must have strong knowledge in one or more of the following: HTML, JavaScript, DOM, AJAX, CSS/CSS2, XML, XHTML, DHTML, etc.
• Experience writing automated unit tests.
• Must have adequate knowledge of J2EE and/or .NET technologies.
• Knowledge of Cross-Site Scripting (XSS), HTTP Request Smuggling, SQL Injection, RFI (Remote-File Inclusion), LFI (Local-File Inclusion), CSRF (Cross-Site Request Forgery), Response Splitting, OWASP Top 10 and other attack vectors a plus.
• Knowledge of OWASP Web Security Certification Criteria, OWASP testing guidelines and PCI Data Security Standards is a plus.
• Experience with one or more of the following tools is a plus: nmap, wikto, nessus, whisker, crowbar, Paros, suru, Wireshark, TCPDump, ISS.
• Experience with one or more of the following web app scanners is a plus: IBM AppScan (WatchFire), HP Web Inspect (SPIDynamics), Cenzic, Web Scarab.
• Experience in performing code reviews.
• Strong interest in IT Security with a passion to solve problems.
• Knowledge of TCP/IP, HTTP/S and other protocols.
• Knowledge of one or more of the following is a plus but not required: Python, Ruby, PHP or other scripting languages.
• Willingness to learn and try new things, as well as extremely good research skills.
• Reverse engineering experience using one or more of the following tools is a plus: IDA, Olly, and SoftIce.
• Experience with protocol analysis and forensic analysis is a plus.
• Experience installing, configuring and maintaining continuous integration (CI) environment(s) using tools such as Cruise Control, Cruise Control.NET, Hudson, Bamboo, Gauntlet, in a test driven development (TDD) process is a plus.
• Experience with one or more of the following static analysis tools is highly desired: Ounce Labs, Fortify, Klocwork, Prefix/Postfix, FindBugs, FxCop, and PMD.

This position may be subject to a background check.

The College Board is dedicated to the principle of equal opportunity and its programs, services and employment policies are guided by that principle.


Posted on: June 04, 2009



© 2008 The Volgenau School of Information Technology and Engineering - George Mason University