Senior Web Security Researcher

Author: Category: Greg's Blog

Senior Web Security Researcher

  • Deep knowledge of web application attack and mitigation techniques (XSS, CSRF, SQL Injection, and Session Management)
  • Knowledge of web security protocols
  • Respond to web security incidents
  • Coordinate with peers from other web companies
  • Guide teams on adoption and execution of a Secure Product Life Cycle
  • Lead implementation of threat models, secure software test plans, policy, and procedures for product engineering and QE.
  • Communicate security information to users and customers through blogs, white papers, and/or conference presentations.
  • Educate product teams on security best practices by providing real-world examples and hands on training.
  • Find and fix security and privacy flaws across the Adobe product line.
  • Develop tools to automate security testing and enable more efficient discovery and resolution of security problems.
  • Conduct code reviews of products built in ActionScript, Java, JavaScript, ColdFusion, Ruby on
  • Rails, PHP, and/or .NET, as well as scripting languages (shell, python, perl)
  • Design security-related functionality and verify proper implementation of new features.
  • Maintain awareness of up-to-date threat and vulnerability profiles.
  • Help define and evolve company-wide online security operations/procedures for large managed
  • Software-as-a-Service environments.
  • Conduct internal security training classes for management, engineering, and QE.
  • Develop and organize training manuals, multimedia visual aids, and other educational materials.
  • Review threat models to create targeted training
  • Bachelor degree in computer science, engineering or a related discipline,
  • Between 5 to 7 years of experience working with web security, or an equivalent combination of education and work experience;
  • Experience in web development using ActionScript, Java, JavaScript, ColdFusion, Ruby on Rails, PHP, and/or .NET, as well as scripting languages (shell, python, perl) – this is a hands-on position which will involve building security test tools for delivery to and use by other teams.
  • Familiarity with browser, web service, and operating system security concepts;
  • Good analytical ability;
  • Strong written and oral skills in English; (will occasionally interface with senior management)
  • The ideal candidate must be able to convey complex security issues and risks while maintaining a positive relationship with product teams
  • Minimal travel required
  • Knowledge of Adobe technology (Flash Player, Reader, ColdFusion, etc.)

Article source: http://jobview.monster.com/Senior-Web-Security-Researcher-Job-San-Francisco-CA-US-104086529.aspx

View full post on National Cyber Security

Gregory Evans | LinkedIn

Interview With Gregory Evans

Gregory Evans Security Expert

Gregory Evans on Cyber Crime