Careers

Security Art is looking for talent to grow its top-notch team.

If you believe that you are made of the right material, send your resume to jobs@security-art.com.

The current openings are:

Title: Application Security Engineer (Secure Code Review) 

We are looking for 3 Plus years of software development experience

Experience with web-based application development

3 years combined experience with C/C++ and/or J2EE (servlet/JSP) and/or .NET (C#/VB.Net and ASP.NET)

Job Description

The Secure Code Review service is part of the Security Testing Services Team. It is part of the Application Security testing service and is the process of identifying, documenting, and consulting on specific Application Security threats and vulnerabilities, their associated likelihood and impact, and mitigating controls. Results of the assessment are documented in a report that consists of a security plan and a list of vulnerabilities. Secure Code Review is a process to identify and assess risks present in applications using a hybrid static analysis methodology.

Details:

  • The critical skills / competencies required for the position are in-depth knowledge and understanding of computer applications, including various languages (e.g. Java, ASP, .NET, C++, C#, etc.).
  • The skills to gather relevant information, including application architecture understanding, threat modeling, vulnerability identification and control analysis.
  • The skills to analyze information, including likelihood determination, impact analysis and risk determination.
  • The skills to prioritize risk responses, including solution recommendation and documentation.
  • Strong communication (verbal and written), negotiation, problem solving and business line engagement required.
  • The selected individual will successfully comprehend large, complex applications written by others from reading code and application design.
  • May have to handle multiple complex assignments simultaneously.
  • Good communication and writing skills with the ability to talk to both business people and technical people.
  • Should be able to communicate complex subjects in easy-to-understand terms. Stays current with emerging technologies and industry trends.
  • Additional knowledge of risk assessment methodologies and frameworks and how to apply them to diverse applications.

Skills required: 3 Plus years of software development experience

  • Experience with web-based application development
  • 3 years combined experience with J2EE (servlet/JSP) and/or .NET (C#/VB.Net and ASP.NET)
  • Experience with relational databases from an application development perspective
  • Application security experience
  • Peer code review experience
  • Ability to handle difficult situations and to provide alternative solutions or workarounds
  • Flexible and creative in helping to find acceptable solutions
  • Good communication and writing skills with the ability to talk to both business people and technical people.
  • Knowledge of application security vulnerabilities such as the OWASP Top 10
  • Cryptography (symmetric and asymmetric encryption, PKI, etc.)
  • SSL/TLS

 

Title: Ethical Hacker – Penetration testing 

We are looking for 3 plus years of Penetration testing experience

Security Art is looking for a smart, energetic and motivated individual to add to its elite team of ethical hackers and consultants.

Details:

  • Perform application penetration testing and application source code review against custom built software applications
  • Conduct vulnerability assessments and penetration testing on Internet-facing systems
  • Exploit vulnerabilities to gain access, and expand access to remote systems
  • Document technical issues identified during security assessments
  • Assist with building, hardening, and maintaining systems used for penetration testing
  • Research cutting edge security topics and new attack vectors
  • White box or Black box penetration testing experience. Knowledge in both types of testing environments is essential.
  • Experience in some or all of the following: computer architecture, operating systems and networking protocols.
  • Experience with compiled and interpreted programs, for example: database systems, web servers, application servers, firewalls, routers, load balancers, switches, and different types of middleware.

 Skills required: 3 Plus years of Penetration testing experience

  • Experience with web-based application development
  • Experience in vulnerability research, reverse engineering, binary analysis and assembler
  • Experience with vulnerability scanning tools, e.g. Nessus, Nexpose, Saint etc.
  • Experience with web application vulnerability scanning tools, e.g. IBM AppScan, HP WebInspect, Acunetix, NTOSpider, Burp Suite Pro etc.
  • Experience with static analysis tools, e.g. IBM AppScan Source, HP Fortify etc.
  • Experience with high-level programming languages, e.g. Java, C, C++, .NET (C#, VB)
  • Experience with web application development, e.g. ASP.NET, ASP, PHP, J2EE, JSP
  • Manual penetration testing experience above and beyond running automated tools
  • Experience developing custom scripts or tools used for vulnerability scanning and identification
  • Web Service assessment experience (SOAP, WSDL, UDDI).
  • Practical experience with frameworks such as OWASP.

 

Title: Reverse Engineering – Exploits Developer

The candidate is responsible for programming/development in a C/C++ environment and software reverse engineering utilizing tools such as IDA. The work covers exploit development, shellcode development, Windows/Linux internals and Windows/Linux kernel development.

Details:

  • Strong programming skills with C/C++. Software development and reverse engineering utilizing tools such as IDA are key.
  • Assembly Language - This candidate must be able to understand how a CPU works, and possess knowledge of at least one of the architectures associated with assembly language.
  • Ideally the candidate has hands-on experience with ARM and/or x86.
  • Exploit Development
  • Security Tools Development

 Skills required:

  • Relevant experience in Vulnerability Research or Reverse Engineering
  • Relevant experience with OllyDbg, WinDbg and IDA Pro
  • In-depth knowledge of the inner workings of operating systems
  • In-depth knowledge of Python and C/C++ programming languages
  • Software vulnerability research and/or software debugging/testing
  • Experience with communication and data transport protocols, such as TCP/IP stacks, FTP, HTTP, SSH, etc.
  • Experience with any type of communication protocol stack would be valuable, e.g. WiFi, cellular data protocols (GSM, GPRS, SMS, etc.), TCP/IP, UDP, etc., or anything in this area which shows competency in understanding a communication stack and the various layers of a network topology.
  • Knowledge of pentesting (web/network), exploit development/analysis etc.