Location: Flexible

About the Role:

Just finished up submitting a vulnerability you found to a bug bounty program? Is the single
quote key worn down on your keyboard? Then you should know Foundstone is hiring!
Our web application hackers speak SQL and make the DOM beg for mercy. As part of
Foundstones elite team of penetration testers youll find yourself owning some of the most
complex and mission critical web applications. Spanning across every vertical market, our
clients applications will test your skills and creativity on daily basis. You like a challenge? You
got one!
Foundstone Application Security Consultants also have significant experience reviewing a wide
variety of software including portals, e-commerce sites, financial services and health care
applications, and desktop and developer software. Candidates will work with Foundstones
Software & Application Security Services (SASS) Team. This full-time position is a great
opportunity for someone with strong software development and penetration testing skills.
Key Responsibilities:
Perform Web Application Assessments
Carry out Web Services Assessments
Application Reverse Engineering
Required Experience/Skills & Education:
Conduct web application security assessments and penetration tests. These are very
systematic assessments which are done using the Foundstone proprietary
methodology. The assessments involve manual testing and analysis as well as the use of
Foundstone proprietary & commercial automated web application vulnerability
scanning/testing tools.
Assess applications for issues surrounding Authentication, Authorization, User
management, Session management, Data validation, including all common attacks such
as SQL injection, Cross-site scripting, Command injection, Error handling, Auditing and
logging.
Assess the security aspects of Web Services design and implementation, including
confidentiality, integrity, trust relationships, and authentication using security standards
like XML signatures, XML encryption, SAML, and WS-Security.
Knowledge of tools such as Fiddler, Paros, Burp, Sqlmap, Nikto, Nmap, Openssl,
Mallory, Echomirage, Wireshark etc.
Write formal security assessment reports for each application, using the Foundstone
standard reporting format
Participate in conference calls with clients to perform initial data gathering and a followup advisory for technical issues.
Publish whitepapers, tools and deliver presentations

Bachelors or Masters degree in Computer Science or equivalent

Willingness to travel 25-50%

Preferred:
Web application development experience in any of the major languages such as C#, Java,
PHP, ASP.NET etc. is a plus
Knowledge of other languages such as Python, JavaScript, Ruby, Perl, SQL etc. is desired
Mobile application development, assessment (iOS, Android, Blackberry) experience
Thick client assessment or Binary analysis experience
Experience reviewing code in C, C++, Java, PHP, C#, ASP etc.
Familiarity with automated source code analysis tools such as Fortify, Appscan etc.

McAfee is now part of Intel Security. With its Security Connected strategy, innovative hardwareenhanced security, and unique Global Threat Intelligence, Intel Security develops proactive,
proven security solutions and services to protect systems, networks, and mobile devices for
business and personal use all over the world. www.intelsecurity.com.
McAfee celebrates diversity!
Male/Female/Disabled/Veteran/EEO/AA Employer
Click here for full EEO statement.