- Experience of Professional Web-Application Development or Source Code Review
- Knowledge of web architecture and protocols (HTTP(S), TCP/IP, ARP, SMTP, DNS, etc.)
- Must understand how data flows through an application and connected components (SMTP,
LDAP, Database servers) and common software security issues and remediation techniques
(OWASP top 10, SANS top 25, etc.)
- Must be able to use SoapUI to test the web services.
- Must have prior knowledge of security testing on JBoss middleware such as SOA-P, JBoss AS,
JBoss EWS, JBoss BRMS/Drools, ESB, HornetQ, BPM, jBPM, SEAM
- Experience in Medicare and Health Sector
- Familiarity with 508 Requirements
- Familiarity with Red Hat Linux
- Proven ability to work within an agile process framework, incl. SCRUM and Sprints
- Understanding of WS-Security, including SSL/TLS, addressing, SAML, JAAS/LDAP
- Understanding of XML gateways (DataPower, Layer7, etc.) and configuring policies for SOAP-based
and REST-based services
- Must have gateway administrative experience
- Penetration Tester, vulnerabilities, Nmap, Nessus, Metasploit, Burp Suite, HP Fortify, testing
- Working knowledge of commercial and open source security scanning tools is a must.
- Conduct penetration, vulnerability and web application testing, risk assessments.
- Provide inputs to manage and develop an emerging threat model to assess and disseminate
threats related to the enterprise in regard to current vulnerability posture.
- Improve the system processes for scanning and assessments by identifying and
recommending process improvements