Security Engineer- SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF) and Unencrypted Authentication

Security engineer - where you will perform automated application security testing using a variety of security tools and evaluate the test results for prioritization using guides and a standard process. In some instances, you will participate in some application layer penetration testing of web applications, including learning how to exploit security vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF) and Unencrypted Authentication Create security vulnerability reports and presentations for technical and executive audiences. Use methodologies and tools to subvert the applications’ runtime or logical security controls to provide accurate assessments of Verizon’s application security posture across all LOBs and organizations. Help maintain and update application security documentation and methodologies based on guidelines provided by senior team members. Experience with Application Security. Knowledge of secure coding techniques. Knowledge of application security threats, software debugging principles, software design tools, methods, and techniques, software development models (e.g., Waterfall Model, Spiral Model). Knowledge of software related information technology (IT) security principles and methods (e.g., modularization, layering, abstraction, data hiding, and simplicity/minimization). Knowledge of secure software deployment methodologies, tools, and practices. Strong organization skills and demonstrated ability to manage multiple, often conflicting priorities to successful completion. Knowledge of the SDLC, continuous build systems and other software engineering methodologies/systems Knowledge of application security and application security vulnerabilities. Knowledge of information technology (IT) security principles and methods (e.g., modularization, layering, abstraction, data hiding, simplicity/minimization).