Internships and Full-Time at Cigital

Hi there, my name is Apoorva and I am a Senior Security Consultant working in a company called Cigital Inc. My company is actively hiring in a few locations and I am looking for candidates interested in application security and willing to relocate. I will refer you to these positions and work with you during the entire hiring process. If you are interested, please submit your resume to apoorvaphadke@gmail.com and I will get back to you as soon as possible.

Cigital is headquartered in Dulles, Virginia, just minutes outside of Washington, D.C., in one of the country’s leading technology corridors. In addition to our great corporate culture, Cigital offers an excellent salary and benefits package. If you are committed to excellence and want to grow your career, apply today!

To apply for these positions, submit your resume to apoorvaphadke@gmail.com

Position Location: Dulles VA, Boston MA, Bloomington IL
Position Type: Full-time
Reports to: Managing Consultant

About Cigital:

Cigital, Inc. is the leading software security and quality consulting firm. Established in 1992, Cigital plans and implements initiatives to help ensure customers have secure, reliable applications. We improve how they build and deploy software, and we have fun doing it. The daily news gives you a taste of what companies face, but if you’re in our field you get to see how serious these problems really are. Whether they’re banks, TV networks, or game designers – when businesses get serious about software security, they call Cigital.

Associate Security Consultant

General Responsibilities:

As Cigital engages with clients in the application of our software security improvement methodologies, the Associate Security Consultant joins in the execution and delivery of planned project deliverables and milestones that assist clients in learning, understanding, and applying Cigital’s secure software development methodologies. The Consultant typically has task responsibility within one project and develops the capability to perform tasks within one or more of Cigital’s security practices. The Consultant continuously learns and expands his/her technical competence. Consultants do some work from headquarters, but often go on site to help customers exterminate bugs and untangle the flaws that make their systems insecure. Our consultants make themselves and their team indispensable advisors to our customers: they build the relationships that help create and identify follow-on assignments.

Roles may include:

• Source Code Analysis
• Software Penetration Testing
• Architecture Security Analysis
• Secure Software Design and Architecture
• Application Reverse Engineering
• Network Security Analysis
• Database Security Analysis

Qualifications:

• Technical skills

o Familiarity with software security weaknesses, vulnerabilities and secure code review a plus
o Familiarity with software attack and exploitation techniques a plus
o Familiarity with at least one software programming language and framework a plus

• Consulting skills

o Ability to interface with clients, utilizing consulting and negotiating skills
o Ability to undertake and complete tasks independently, meet schedules and delivery timelines, and to move swiftly from concepts and theory to action

• Team-oriented skills

o Ability to collaborate with project team members, take direction from the project lead and execute tasks consistently

• Communication

o Written communication skills for use in preparing formal documentation.
o Verbal skills that include the ability to clearly articulate thoughts and to deliver presentations and training to all levels of management
o Ability to persuade

• Demeanor

o Enthusiasm and commitment along with professional interpersonal skills and an entrepreneurial drive
o Willingness to travel 20-50%

Education and Experience:

• BS in CS, Engineering or equivalent. MS preferred.
• Experience with C/C++, .NET, Java, multiple OS and RDBMS
• Experience with other languages (e.g. JavaScript, Python, Ruby, PHP, Perl, COBOL, SQL, or Assembly) (Desired)
• Experience conducting secure code review a plus
• Experience conducting reverse engineering a plus
• Experience performing web application penetration testing a plus
• Consulting experience a plus
• Experience using static code analysis tools (Fortify, AppScan Source, FxCop, CAT.NET, etc.) a plus

Compensation & Work Location: Cigital is based in Dulles, VA with offices in New York, San Francisco, Boston, Bloomington, Chicago, London, Amsterdam, and clients worldwide. We offer a competitive salary, equity compensation and benefits.

Java Rules Engineer

Position Type: Full time

Reports to: VP of Products

Cigital is looking for a Java Rules Engineer based in Dulles, VA, Boston, NYC, or another location, preferably on the east coast. You’ll be a productive member of our development team whether in a Cigital office or based from your home office as a telecommuter.

General Responsibilities:

The Java Rules Engineer will research and create Java rules, test cases and guidance for Cigital’s SecureAssist product.

Essential Functions

• Research vulnerabilities in various Java frameworks
• Create test cases for the vulnerabilities
• Write SecureAssist rules using Cigital’s Rulepack Configurator to detect the vulnerabilities
• Write custom guidance explaining the vulnerability with examples of What-ToDo and What-NOT-ToDo
• Find open source applications, run them through third-party static analyzers and compare the results to SecureAssist
• Monitor various vulnerability websites such as OWASP or CWE for new vulnerabilities that could be added to SecureAssist
• Provide test case and engineering documentation to QA

Requirements

• Ability to execute projects within established deadlines
• Strong analytical and problem solving skills
• Strong writing skills

Education and Experience

• 5 years in software development or application security
• BS/MS in Computer Science
• Expertise in Java and Java frameworks such as Spring, JSF, JMS, JPA, Struts
• Expertise in web technologies including JavaScript and XML
• Expertise with either Windows or Linux

Compensation & Work Location:

Cigital is based in Dulles, Virginia, with offices in New York, Boston, Chicago, Atlanta, Bloomington, San Francisco, London, Amsterdam, and clients worldwide. For Full-Time positions, we offer a competitive salary, equity compensation, and benefits.

Full-time Internship

Position Type: Full-time Internship
Reports to: Resource Manager

Cigital is looking for Application Security Interns based at our Dulles, VA headquarters. Interns learn to parachute in wherever software insecurity invades, and to stomp out bugs and flaws wherever they hide. As an Application Security Intern at Cigital, you will work with world-class members in your field using a broad spectrum of cutting edge technologies across many Fortune 500 industries.

General Responsibilities:

As Cigital engages with clients in the application of our software security improvement methodologies, the Application Security Intern joins in the execution and delivery of planned project deliverables and milestones that assist clients in learning, understanding, and applying Cigital’s secure software development methodologies. The Application Security Intern typically has task responsibility within one project and develops the capability to perform tasks within one or more of Cigital’s security practices. The Intern continuously learns and expands his/her technical competence. Our Interns make themselves and their team indispensable advisors to our customers: they build the relationships that help create and identify follow-on assignments.

Cigital has two primary objectives for Internship training:

• First, to have interns gather cutting-edge expertise in securing implementations of the latest software technology platforms and automating their analysis using code analysis tools.
• Second, to have interns follow Cigital’s Software Risk Management approach to identify security vulnerabilities and quality defects and determine the steps needed to harden the software.

Program supervision and evaluation:

Cigital prefers the ‘apprenticeship’ model for employee development. The intern will work with and under the direct supervision of senior staff members performing analysis and documenting results.

The trainee will acquire skills in line with use of portions of the Software Risk Management methodology including:

• Penetration testing of dynamic applications
• Analysis of software design and source code
• Knowledge of building secure, robust software systems
• Specific knowledge for automating code security analysis techniques on the latest software technology platforms

Requirements:

Cigital’s technical employees must be familiar with the technologies employed by our customers: web application frameworks, secure distributed component architectures, database management systems, real-time embedded systems and intelligent devices, to name just a few.

Our consultants make use of a broad range of skills every day including technologies like:
Java, Spring, Struts, Servlets, JAAS, XML, AJAX, JavaScript, .NET, C#, VB, C, C++, Perl, Python, PHP, Ruby on Rails, Flash, ActionScript, SQL, UNIX scripting, HTML5, Assembly

Experience with the following technologies and activities is beneficial:

• Software Quality Assurance, Software Security Fundamentals, Cryptography, Penetration Testing, Source Code Analysis
• Source Code Analysis tools like Fortify, AppScan Source Edition, Coverity
• Penetration Testing tools like Burp Proxy, Fiddler, AppScan Standard Edition, Firebug, IDA Pro, Nessus, OllyDbg, GDB, Immunity Debugger, API Monitor, Sysinternals toolkit, Wireshark, Nmap, Metasploit

Compensation & Work Location:

Cigital is based in Dulles, Virginia, with offices in New York, San Francisco, Bloomington, London, Amsterdam, and clients worldwide. For Full-Time positions, we offer a competitive salary, equity compensation, and benefits.