McAfee Professional Services - Foundstone Software Security Consultant (Code Review)

About the Role and Responsibilities

Location: The majority of work will be done either from our corporate offices located in New York City (NY), Reston (VA), Santa Clara (CA), Mission Viejo (CA), Plano (TX) OR from specific client offices OR remotely from home depending upon the location of the candidate. Some of the work might involve out of area travel.

About the Role:

Eyes tired because you were up all night digging through code to find a new vulnerability? Do you live and breathe application development but are curious about security? If you're up for working with a rock star team of security experts and love to be constantly challenged to think out of the box, Foundstone is for you!

Our software security team inhales assembly and exhales SDLC. As part of Foundstone's elite team of experts you'll find yourself hacking some of the largest and most depended upon applications. You'll come up with practical solutions to our client's most difficult problems and help them make security a top priority.

Candidate will work with Foundstone's Software & Application Security Services (SASS) Team. This Full time position is a great opportunity for someone with strong software code review skills. This is a highly technical hands-on role that will utilize your software development and secure code review skills.

Foundstone's capability in source code security assessments extends from our Software and Application Security Service (SASS) consultants, who have performed source code audits on numerous client applications, as well as their own software. Our SASS consultants worked as development practitioners on commercial enterprise software systems and understand the software development process, as well as why and how security bugs are introduced. Our experience combined with advanced automated tools using contextual analysis; enable us to look at a greater amount of code faster and more accurately.

Key Responsibilities:

-Conduct manual and automated secure software code reviews

-Ability to identify detrimental software security problems and ability to assess code for semantic and language security bugs

-Write formal secure code review reports for each application, using Foundstone's standard reporting format.

-Participate in conference calls with clients to perform initial data gathering and a follow-up advisory based on the type of the request.

-Contribute to marketing materials (presentations, whitepapers, tools, etc.)

Qualifications

Required Experience, Skills & Education:

- Experience configuring static source code analysis tools such as Fortify, Appscan etc.
- 1 to 3 years of hands-on development expertise in one or more of the languages such as C, C++, C#, VB.NET, Java, CFML, Perl, Classic ASP, LUA and PHP.
- In-depth understanding of SDLC
- Work within development frameworks, such as J2EE and the .NET framework
- Experience developing or reviewing Spring MVC, Struts, Hibernate, jQuery code etc.

Preferred

-Threat Modeling Experience

-Mobile Apps Code Review (iOS, Android) Experience is desired

-CISSP, CEH, GSEC or other certification(s) is a plus

McAfee, a wholly owned subsidiary of Intel Corporation (NASDAQ:INTC), is the world's largest dedicated security technology company. We are relentlessly focused on constantly finding new ways to keep our customers safe. Share your talents with us in the dynamic security industry, and experience the meaningful, interesting work that is waiting for you!

McAfee is an Equal Employment Opportunity employer. We celebrate diversity!

Click here for full EEO statement.

J2W-LI-KT

Job: Professional Services
Primary Location: NA-USA-CA-Mission Viejo
Position Number: 877705
Schedule: Full-time