Security analyst
The general idea of the skill set is:
• A development background
• Manual penetration testing of web sites and web services: essentially, a technically strong and experienced hacker
• Good command of spoken and written English: able to participate in workshops and write reports.
Here is a detailed wish list:
1. General security
   a. Understanding the security principles and best practices
   b. Threat analysis skills
   c. Security code review skills (Experience with Fortify Analyzer or a similar tool is a plus)
   d. (nice to have) Understanding the basics of cryptography: symmetric/asymmetric algorithms, hashing, key management
   e. (nice to have) Understanding of data classification
2. Web Security
   a. Good knowledge of the HTTP protocol and browser security models
   b. Thorough understanding of common web-related attacks and vulnerabilities (OWASP Top 10 is a must)
   c. (nice to have) Experience in web security assessment (1+ year)
   d. (nice to have) Web security tools: scanners (Commercial, e.g. HP WebInspect, WhiteHat Sentinel, or Open Source) and proxies (WebScarab, Burp Suite, Paros)
   e. Knowledge of Web Services security and XML security
   f. (nice to have) Experience with SSO protocols
3. Unix/Linux
   a. Experienced Unix user
   b. System administration skills
   c. Shell scripting
   d. (nice to have) Experience with Unix C development is a plus
4. Recommended certifications: CEH or OSCP
5. Generally, a broad outlook: several programming languages and platforms, following the latest trends in the field
6. Basic management skills
   a. 1+ year of team leadership
   b. Experience in task estimation/distribution
   c. Experience in customer requirements analysis is a plus
   d. (nice to have) mobile security
7. Communication:
   a. Fluent English (at least upper intermediate level, advanced level is preferred)
   b. Ability to explain security threats and vulnerabilities to people of various levels of technical competence