pseud0
Recruiters
« on: March 17, 2011, 07:56:34 PM »
Large consulting firm looking to fill a variety of security positions. Slots open in most major cities, but prefer NY, Short Hills, Philly, Tyson's Corner, Atlanta, Chicago, Detroit, Houston, Seattle, and San Francisco/Silicon Valley. The job postings will reflect experienced hires, but I am more than willing to talk to junior folks that have the skills to hit the ground running.

Web Application Tester

Responsibilities:
• Perform analysis and testing to verify the strengths and weaknesses of Web Applications and Web Services (XML, SOAP, WSDL, UDDI, etc.)
• Perform Internet penetration testing (blackbox/whitebox testing) and code reviews (manual/automated)
• Assist with the development of remediation services for identified findings
• Develop, operate, audit, and maintain secure applications
• Identify and clearly articulate (written and verbal) findings to senior management and clients
• Help identify improvement opportunities for assigned clients
• Supervise and provide engagement management for IT staff working on assigned engagements

Qualifications:
• Bachelor’s degree in computer science or related field from an accredited college/university
• Technical background in web application development/architecture or related fields
• Two or more years of .Net, Java, Ruby, Perl, Python, or C experience
• Operating System Configuration and Security experience (HP-UX, Linux, Solaris, AIX, etc.)
• Configuration and Security experience with Web Servers and Web Applications (Apache HTTP/Tomcat, Microsoft IIS, Sun One, Oracle iPlanet, IBM WebSphere, etc.)
• Database Configuration and Security experience (MySQL, Microsoft SQL, IBM DB2, Sybase, Oracle, etc.)
• Web Service experience (XML, SOAP, WSDL, UDDI, etc.)
• Experience with web application testing and development frameworks, such as the Open Web Application Security Project (OWASP)
• Experience with discovering and demonstrating web application vulnerabilities such as Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Injection Flaws, Remote File Inclusion (RFI) and SQL Injection
• Commercial Application Security tools experience (AppScan, WebInspect, Acunetix, etc.)
• Web Proxy tools experience (Achilles, Burp, Spike, Paros, etc.)
• One or more of the following technical certifications: Sun Certified Java Developer® (SCJD®); Microsoft Certified Solution Developer® (MCSD®) for .NET; Certified Ethical Hacker (CEH); GIAC Certified Penetration Tester (GPEN); Offensive Security Certified Professional (OSCP); GIAC Web Application Security (GWAS); or equivalent development or testing certification (ECSA, CEPT, CPTE, CPTS, etc.)
• In addition, one or more of the following governance certifications is preferred: Certified Information Systems Security Professionals® (CISSP®); Certified Information Systems Auditor® (CISA®); Certified Information Security Manager® (CISM®)
• In-depth knowledge of the security and privacy provisions of a variety of regulations and standards such as PCI, NERC/CIP, SOX, HIPAA/HITECH, FFIEC, EU Privacy Laws, ISO, and COBIT
• Track record with published content / research work in the information security field
• Strong leadership and communication skills, technical knowledge, and the ability to write at a "publication" quality level in order to communicate findings and recommendations to the client’s senior management team