Post Wed Aug 11, 2010 12:23 pm

RIM/BlackBerry Hiring a Technical Security Analyst

Technical Security Analyst
Research In Motion (RIM)/BlackBerry
Location: Irving, Texas

** Please apply directly to cataylor@rim.com **

Research In Motion Limited® (RIM)® is a world leader in the mobile communications market and has a history of developing breakthrough wireless solutions. RIM's portfolio of award-winning products, services and embedded technologies is used by thousands of organizations around the world and includes the BlackBerry® wireless platform, the RIM Wireless Handheld™ product line, software development tools and software/hardware licensing agreements. RIM is seeking driven individuals who can take our wireless data products to the next level in the global wireless market. Are you ready to make a difference in the world of mobile communications with RIM?

POSITION SUMMARY

As a member of Corporate Security, the Technical Security Analyst works to ensure the proper security controls of web applications and infrastructure. This position will be challenging, fast-paced, varied in nature and will contribute significantly to the continued success of the company. This position also provides information security services that meet business needs, ensuring that information assets and environments are protected. A strong technical background is required in order to properly assess complex computing solutions.

RESPONSIBILITIES

The successful candidate's responsibilities will include:
• Conduct security assessments and penetration tests across the organization, both manually and with the assistance of automated tools, in order to ensure applications, systems, and networks are not susceptible to known attack vectors.
• Promote secure Software Development Lifecycle (SDLC) habits.
• Ensure the security hardening and vulnerability patching of the organization's networks and infrastructure.
• Conduct code reviews, both manually and with the assistance of source code analysis software, upon internally developed applications.
• Analyze the results of vulnerability assessments and code reviews, write reports based on that analysis, and advise management of vulnerabilities, risk and mitigation.
• Provide technical advice and/or consultation to distributed personnel who are responsible for the development, deployment, administration, and security of the organization's applications systems infrastructure, and networks.
• Support the routine vulnerability scanning and patch management process.
• Assists management in the collection and reporting of metrics and KPIs relating to vulnerability assessment.
• Act as a mentor and assist in the on-boarding of other team members
• Evaluate commercially-available software products and services to determine which of these should be adopted by the organization.
• Stay informed about the latest developments in the information security field, including new products and services, through on-line news services, technical magazines, professional associations, industry conferences, training seminars, and other information sources.
• Support departmental and organizational activities, goals and objectives as required.
ESSENTIAL SKILLS AND QUALIFICATIONS
• Experience conducting vulnerability assessments and penetration tests of both the infrastructure and application layers
• Experience with, and in-depth knowledge of, vulnerability assessment tools and penetration testing techniques. (e.g., infrastructure / network vulnerability scanners, web application scanners, static code analyzers, web application proxies, packet capture and analysis software, network mapping and port scanners, exploit automation platforms, OWASP, OSSTM, WASC, etc.)
• Substantial knowledge and understanding of vulnerabilities relating to web application technologies, platforms and languages. (e.g., Cross-Site Scripting, SQL Injection, Cross-Site Request Forgery, Authentication / Authorization and Business Logic Bypass, OWASP Top 10, etc.)
• Strong programming / debugging skills with proficiency in one or more of the following; Java, JavaScript, XML, PHP, ASP.NET, AJAX, other scripting languages, etc.
• Knowledge of SDLC methodologies
• Substantial knowledge of vulnerabilities in, and operational details of, various operating systems, databases, and networks, in relation to hardening, configuration, deployment, and administration
• Subject matter expertise in general information security, cryptographic principles, common communication protocols, information systems auditing, computer forensics, packet analysis, intrusion detection/prevention systems and techniques, and security incident response handling
• Experience in hacking hardware and software, discovering flaws and suggesting improvements
• Possess a strong work ethic and desire to follow objectives and succeed in meeting deliverables
• Strong organization, analytic and problem solving skills, with attention to detail and reproducibility.
• Exceptional skills in written and oral communication, including the ability to compose concise and accurate assessment and audit reports
• Ability to work independently with limited direction, and as a member of a team
• Preference will be given to:
o Bachelor's degree
o 2 - 5+ years experience in the field
o Applicable certifications from EC-Council, SANS, ISACA, ISC(2)
If you're driven to take wireless technologies to the next level, it's time you join the team at RIM. We offer a challenging environment that fosters creativity and rewards excellence. Employees also have use of our award winning BlackBerry!

© 2010 Research In Motion Limited. All Rights Reserved. The BlackBerry and RIM families of related marks, images and symbols are the exclusive properties of Research In Motion Limited. RIM, BlackBerry, "Always On, Always Connected" and the "envelope in motion" symbol are registered with the U.S. Patent and Trademark Office and may be pending or registered in other countries.