Security Consultant (Applications testing)

Our client provides professional services in the area of software testing, including application security testing.

1. GIAC Secure Software Programmer (GSSP) certified professional for the language(s) to be reviewed;
2. At least 3 years of hands-on programming experience in financial applications;
3. For languages that are not covered by GSSP, GSSP qualification in any language together with the requirement in #2 is required.

Security Code Compliance reviews

1. input data validation and sanitization;
2. authentication;
3. authorization and access control;
4. communication with other modules and exposed communications (including but not limited to RMI, CORBA, RPC, XML-RPC, COM+/DCOM/ActiveX, socket, named pipe, mmap, shmem and temp file);
5. concurrency (including but not limited to synchronized methods, threading, forking, mutex, semaphore and shmem);
6. session management;
7. logging and audit trail implementation;
8. exception / error handling;
9. cryptographic implementation (including but not limited to encryption, decryption, hashing and salting) for data at rest and in transit;
10. key and password management considering application, database, OS, external module and external input layers; and
11. generation of random numbers and random-number-derived entities, including but not limited to nonces and session IDs.

 

 


Country: Singapore
Employment Type: Full time
Salary: Open