Founded in 1997, AsTech is a boutique information security consulting company headquartered in San Francisco. Our Application Security practice helps our client companies understand the security weaknesses in their enterprise applications and how those weaknesses can be mitigated. We also provide software developer technical training and application design consulting. Our clients range from large banks and e-commerce sites to small software development companies.
Our application security team consists of a number of senior enterprise software engineers. The engineers work on assignments independently as well as in teams. The majority of the projects allow for telecommuting, with occasional travel (approximately 20%). We work with our clients to understand application architecture and the nature and purpose of their application. We collaborate to review the application documentation and source code while documenting the security vulnerabilities. The results of the assessment effort provide our clients with an understanding of the risks present in the application and actionable details on how to address the vulnerabilities.
- Perform vulnerability discovery and analysis, penetration testing, code review, and threat modeling.
- Consult with customers by providing expert advice regarding risks, threats, and vulnerability remediation.
- Utilize security-focused tools and services.
- Draft executive level and technical reports based on findings.
We are looking for application security engineers with the following qualifications:
- Knowledge of enterprise languages and APIs (Java, C/C++, .NET, C#).
- Experience writing secure source code.
- Experience working with development teams to deliver applications or software-based services.
- Experience with and knowledge of common application security tools (Fortify, AppScan, WebInspect, etc.).
- Knowledge and experience with Mobile Application development on Android and iOS platforms is a plus.
- Project strategy, delivery, and management.
- Experience with the processes and methods needed to ensure project deliverables are achieved with high levels of quality and professionalism.
- Experience addressing issues and scope changes, preparing status updates, and managing communications.
- Identify and manage risks to successful delivery of a project.
- Effective written and verbal communication.
Education and Experience
- 3-5 years of application development experience.
- 2-5 years of application security experience.
- Experience in application vulnerability penetration testing.
- Prior source code development, auditing, and fixing.
- Knowledge of secure development practices and techniques including but not limited to the OWASP Top Ten.
- BS in Computer Science or equivalent experience required.