Sr. Web Application Security Engineer 2015-106


Ishpi Information Technologies, Inc. (DBA ISHPI)

Job Description:

Overview: This program will provide support services to the United States Coast Guard (USCG) CAT Delta Headquarter staff and the USCG Centers of Excellence: Telecommunications Information Systems Command (TISCOM) in Alexandria, VA; the Operations Support Center (OSC) in Kearneysville, WV; and C3CEN in Portsmouth, VA. Furthermore, the program will provide personnel to support USCG Cyber CAT Delta, Cyber Discipline Tiger Teams (CDTT) to deploy to units around the Coast Guard and employ an “assess, fix and re-assess” methodology to address the protection of all USCG information systems. This support is for protecting all USCG IT systems from cyber threats, both foreign and domestic, through improved configuration management, the use of system and networking tools/systems, and information sharing with DOD and DHS.

Responsibilities: The Web Application Security Engineer will coordinate with Coast Guard System Owners and other relevant commands to ensure Coast Guard web servers are in compliance with policy, and will provide technical expertise to secure web servers for the Coast Guard, including implementing HBSS and PKI. Responsibilities will include:

- Serving as a security advisor at the design stage, performing penetration tests, and following up with developers to make sure flaws are fixed before code is released to production.
- Conducting proactive analysis of frameworks and technologies used, to anticipate vulnerability classes as well as techniques to mitigate them.

Requirements (education/experience/certifications):

- BS Degree in Computer Science or equivalent industry experience.
- 5 years’ experience with/managing Web Application Security.
- Proficiency performing manual penetration tests with aid from industry standard open-source, COTS and custom developed tools.
- Capable of developing exploit code to demonstrate to developers how to take advantage of vulnerabilities that are discovered, as well as demonstrating to developers, web security engineers, system engineers and senior management post-exploitation behavior (goals, tactics, etc.) of real-world attackers.
- Proficiency in code auditing a range of web languages (Ruby, Perl, Java, ASP.NET).
- Scripting language development (Python, Perl, or Ruby).
- Strong experience with manual interception proxies such as Burp, Fiddler, or Charles Proxy.
- Excellent ability to discover and demonstrate flaws such as SQL injection, XSS, and CSRF.
- General know-how of frontend JavaScript frameworks like AngularJS or Knockout.
- Good understanding of RESTful APIs.
- Strong understanding of encryption (SSL, HMACs) and the various HTTP RFCs.
- Familiarity with tools such as SQLMap, Nessus, Skipfish, and Metasploit.
- Proficiency with Linux/Solaris.
- Good communication skills.

Preferences (education/experience/certifications):

- Proven experience performing security assessments for companies with a large web presence.
- Ability to forge collaborative relationships with developers.
- Demonstrated experience as a technical lead for assessment and remediation engagements with third parties.
- Aptitude to participate in the security architecture process.
- Demonstrated ability to remain current on vulnerabilities and research trends in the information security industry.

Company Description:

ISHPI works in concert with other defenders of the Homeland to fortify national preparedness, agility, strength and advantage in the cyber domain – a readiness state we refer to as an i-Holistic CyberStance™. Using our integrated i-Holistic™ service solutions fortified with CyberSmithed™ and ActiveDefense™ processes, we weave the armor and forge the weapons that enable our clients to maintain a dominating i-Holistic CyberStance™ – always ready to Anticipate, Defend, Exploit and Attack in the Cyber domain. Our Information Operations, Advanced Information Services, C5ISR Engineering & Technical Services, and Training & Consulting business units work in unison to provide experienced people, proven processes, technology, advice and leadership to enable full spectrum Cyber capability.

ISHPI was born a cyber-services company supporting U.S. Armed Forces personnel and other direct defenders of the homeland with a heavy focus on emerging asymmetric Information Operations. Our focus on cyber related services has held steady while our client base and functional capabilities expanded exponentially to envelop essentially all cyber impacted components of modern warfare. Philosophically, our approach to cyber surety has evolved to become Holistic in nature, based on a firm conviction that cyber activities are never truly secure unless every layer of the OSI model and every human input associated with the activity is Holistically engineered and integrated for cyber security.

In 2014 ISHPI acquired Advanced Information Services Inc., a globally recognized leader in Software Development Quality and the winner of the 2013 Government Information Security Leadership Award for secure software lifecycle practices and the IEEE Computer Society Software Process Achievement Award. The acquisition added CMMI Maturity Level 5 Cyber-Secure Software Development to ISHPI’s i-Holistic CyberStance™ Strategy.

Ishpi Information Technologies, Inc. (DBA ISHPI) is an Equal Opportunity Employer which governs all employment related decisions without regard to race, color, gender, sexual orientation, gender identity, religion, national origin, age, disability, veteran status or any other protected classification.

If you are a qualified individual with a disability or a disabled veteran, you have the right to request an accommodation if you are unable or limited in your ability to use or access as a result of your disability. To request an accommodation, please contact us at

Equal Opportunity Employer – Minorities/Females/Disabled/Veterans
VEVRAA Federal Contractor
