Wednesday, July 28, 2010

Technical Security Analyst at Research In Motion


Job Description

POSITION SUMMARY

As a member of Corporate Security, the Technical Security Analyst works to ensure the proper security controls of web applications and infrastructure. This position will be challenging, fast-paced, varied in nature and will contribute significantly to the continued success of the company. This position also provides information security services that meet business needs, ensuring that information assets and environments are protected. A strong technical background is required in order to properly assess complex computing solutions.

RESPONSIBILITIES

The successful candidate's responsibilities will include:
• Conduct security assessments and penetration tests across the organization, both manually and with the assistance of automated tools, in order to ensure applications, systems, and networks are not susceptible to known attack vectors.
• Promote secure Software Development Lifecycle (SDLC) habits.
• Ensure the security hardening and vulnerability patching of the organization's networks and infrastructure.
• Conduct code reviews, both manually and with the assistance of source code analysis software, upon internally developed applications.
• Analyze the results of vulnerability assessments and code reviews, write reports based on that analysis, and advise management of vulnerabilities, risk and mitigation.
• Provide technical advice and/or consultation to distributed personnel who are responsible for the development, deployment, administration, and security of the organization's applications systems infrastructure, and networks.
• Support the routine vulnerability scanning and patch management process.
• Assists management in the collection and reporting of metrics and KPIs relating to vulnerability assessment.
• Act as a mentor and assist in the on-boarding of other team members
• Evaluate commercially-available software products and services to determine which of these should be adopted by the organization.
• Stay informed about the latest developments in the information security field, including new products and services, through on-line news services, technical magazines, professional associations, industry conferences, training seminars, and other information sources.
• Support departmental and organizational activities, goals and objectives as required.
ESSENTIAL SKILLS AND QUALIFICATIONS
• Experience conducting vulnerability assessments and penetration tests of both the infrastructure and application layers
• Experience with, and in-depth knowledge of, vulnerability assessment tools and penetration testing techniques. (e.g., infrastructure / network vulnerability scanners, web application scanners, static code analyzers, web application proxies, packet capture and analysis software, network mapping and port scanners, exploit automation platforms, OWASP, OSSTM, WASC, etc.)
• Substantial knowledge and understanding of vulnerabilities relating to web application technologies, platforms and languages. (e.g., Cross-Site Scripting, SQL Injection, Cross-Site Request Forgery, Authentication / Authorization and Business Logic Bypass, OWASP Top 10, etc.)
• Strong programming / debugging skills with proficiency in one or more of the following; Java, JavaScript, XML, PHP, ASP.NET, AJAX, other scripting languages, etc.
• Knowledge of SDLC methodologies
• Substantial knowledge of vulnerabilities in, and operational details of, various operating systems, databases, and networks, in relation to hardening, configuration, deployment, and administration
• Subject matter expertise in general information security, cryptographic principles, common communication protocols, information systems auditing, computer forensics, packet analysis, intrusion detection/prevention systems and techniques, and security incident response handling
• Experience in hacking hardware and software, discovering flaws and suggesting improvements
• Possess a strong work ethic and desire to follow objectives and succeed in meeting deliverables
• Strong organization, analytic and problem solving skills, with attention to detail and reproducibility.
• Exceptional skills in written and oral communication, including the ability to compose concise and accurate assessment and audit reports
• Ability to work independently with limited direction, and as a member of a team
• Preference will be given to:
o Bachelor's degree
o 2 - 5+ years experience in the field
o Applicable certifications from EC-Council, SANS, ISACA, ISC(2)
If you're driven to take wireless technologies to the next level, it's time you join the team at RIM. We offer a challenging environment that fosters creativity and rewards excellence. Employees also have use of our award winning BlackBerry!
Email: jobs@aarenconsultants.in Get Aaren Jobs Daily @ your Mobile : Sign In Get Aaren Jobs Daily @ your Inbox : Sign In
Related Posts Plugin for WordPress, Blogger...