Affiliated Computer Services, Inc. (ACS) is expertise in action™. We are a FORTUNE 500 company with 74,000 employees worldwide supporting client operations reaching more than 100 countries. We provide business process outsourcing and information technology solutions to world-class commercial and government clients. Our employees operate with integrity, and are flexible, reliable and responsive. If you meet the requirements of this position and want to work for a world-class company with a great marketplace reputation, apply today.
A senior-level technical expert, the Information Security Principal is a fully qualified individual contributor who applies an advanced knowledge of information security services/analysis concepts, practices and procedures. Incumbents are competent to work on the most complex assignments and perform a comprehensive range of information security services operations activities. The incumbent routinely works under demanding deadlines and often handles heavy workloads, operating with only limited supervision; errors at this level can cause significant delay, expense and/or disruption. Provide functional guidance to less experienced staff.
Provides functional and technical expertise to develop strategy and roadmap for conducting application penetration testing and source code analysis / review on web based applications and other custom developed applications; work across all relevant functional organizations to coordinate and implement penetration and application sources code testing strategies, actively engage in application penetration testing for ACS and our clients. Provide security consultation to project stakeholders and clients regarding configurations and solutions to mitigate risks identified during the application security design reviews and penetration testing. Assignments are in technical and business functional areas.
Responsibilities include:
Conduct ethical hacking and targeted penetration testing on public and non-public facing applications.
Conduct manual and automated black-box application assessment procedures using commercial penetration and auditing tools such as Tenable s Nessus, Core Impact, Retina, WebInspect, and AppDetective; as well as open source tools such as Nmap, Nikto, Paros, Burp, and Metasploit.
Recommend and ensure implementation of security safeguards to ACS and our clients for applications and networks. Security safeguards should be in accordance with industry standards, generally accepted business practices and other best practices.
Recommend security controls to system designs, databases and applications in accordance with industry best practices, standards including OWASP, NIST SP 800, FISMA, PCI, etc. Verify recommended security controls were implemented in the final solution by performing security assessment of solution.
Clearly document and communicate findings, risk description, risk level, and recommended solutions to stakeholders.
Research industry trends, products, and vendors.
Required Experience:
The incumbent also needs to have significant expertise in vulnerability scanning and penetration testing experience. Additionally, candidate should have working knowledge and experience in secure coding.
Candidates must be well versed in performing assessments and testing coupled with researching exploits and vulnerabilities, reading security community sites and blogs, and experimenting with and writing exploits.
The candidate should be a self-starter who is highly motivated and willing to learn a constantly evolving skill set.
Candidate should have a strong understanding of application security program, including system development lifecycle integration.
Candidate should have at least 4 years of experience performing penetration testing of web applications and their associated platforms (e.g. J2EE, .NET, IIS, Apache, Webshpere, etc.).
Candidate should possess an in-depth understanding of ethical penetration test methodologies and best practices.
Candidate should have excellent verbal and writing skills as well as the ability to write clear and concise assessment reports.
Candidate should have experience working with commercial penetration testing and auditing tools such as Tenable s Nessus, Core Impact, Retina, WebInspect, and AppDetective; as well as open source tools such as Nmap, Nikto, Paros, Burp, and Metasploit.
Candidate should have experience working with software programming languages and working with different scripting languages such as PERL and Python C++, C#, .Net, ActiveX and Java programming experience is desirable.
Required Education:
Bachelor's degree in Information Technology or related field or equivalent and 4+ years of related experience, plus 2-3 working in the cyber security field.
ACS is an Equal Opportunity Employer and does not Discriminate against any applicant on the basis of race, color, religion/creed, national origin, gender, or sex, marital status, age, disability, use of a guide dog or service animal, sexual orientation, military/veteran status, or any other status protected by Federal or State law or local ordinance. People with disabilities who need a reasonable accommodation to apply or compete for employment with ACS may request such accommodations by calling or by sending an e-mail to accommodations@acs-.
Experience: see above.
To apply: http://www.gadball.com/job/20061210/security-engineer/?sid=18