Company: WinMill Software

Location: New York City Metro Area

Job Description

Winmill Software is actively seeking a full-time Application Security Engineer. The candidate will perform application security assessments using leading market tools, and be able to read, vet and triage results. The ideal candidate will have a background in application development and can work with developers to remediate vulnerabilities. The candidate must understand Secure DevOps and be able to design and build ALM architectures that support static scanning, dynamic scanning, risk correlation and remediation management. The candidate must be an enthusiastic problem solver with excellent communication skills, must be able to work independently and directly with clients, and must be committed to establishing and teaching best practices for Application Security and Secure DevOps.

Job Responsibilities

• Design and build secure development operations (Secure DevOps) architectures for clients as part of a continuous integration process.
• Perform static and dynamic application vulnerability assessments using multiple tools.
• Evaluation scan results, parse out false positives, correlate results from multiple tools, triage results and provide recommendations for remediation.
• Perform actual code remediation in one more of the following.
• Train clients on Secure DevOps best practices, as well as how to use various tools.
• Help to build out Secure DevOps architectures in WinMill sandboxes; train WinMill staff on best practices

Job Requirements

• Bachelor’s degree in computer information systems, or equivalent.
• At least three (3) years’ experience in software development using one or more of the following: javascript, node.js, java, C, C#, .NET, PHP, Python, Ruby.
• Ability to identify vulnerabilities in applications written in these languages.
• Knowledge and ability to assess web and non-web applications.
• Knowledge of secure coding methodologies including OWASP Secure SDLC, MS-SDLC.
• At least two (2) years’ experience with dynamic security testing tools such as Acunetix, BurpSuite, HP Webinspect, Veracode and ZAProxy.
• At least two (2) years’ experience with static testing tools such as CheckMarx, HP Fortify Static Code Analyzer and Veracode. Knowledge of CI/CD tools such as Artifactory, git, Chef, CircleCI, Consul, Jenkins, Microsoft TFS.
• Knowledge of secure methodologies and programming concepts including cryptography, authentication models and standards, secure libraries, and methods to evaluate their applicability to business and development problems.
• Preferred: knowledge of AWS environments and development within them, including CloudFormation.
• Experience, knowledge and presence to teach and train developers on secure coding and development techniques.
• Proficiency in written and spoken English.
• Ability to present findings and summaries of issues to senior management.
• Proactive and self-motivated, including willingness to reach out to development teams and stakeholders to discuss issues and identify areas needing assistance.
• Authorized to work in the US for any employer.

Company: WinMill Software

Location: New York City Metro Area

Job Description

Winmill Software is actively seeking a senior C#/.NET engineer.  This position requires demonstrated skill in applying technical solutions to meet business needs, solid interpersonal skills in working with clients, managers and colleagues, excellent written and verbal communication skills, and strong full lifecycle development experience, particularly with the Microsoft tool set.

Winmill operates primarily remotely.  Employees must be able to work independently, adhering to schedules and commitments as well as communicating timely with questions or issues.   Work assignments can vary from longer term development projects that may last several months to shorter term enhancement tasks or analysis work that may last only a few days or only a few hours.  Employees should be comfortable balancing various tasks in coordination with management and colleagues.

Winmill Software is a technology Services Company headquartered in New York City.  Founded in 1994, Winmill has multiple practices including Application Development, Cyber Security, and Data Center & Hosting Services.  Winmill also has several specialty practices, such as Project & Portfolio Management (PPM) and Identity and Access Management (IAM).  We are in rapid expansion mode.  We are looking for top people to help support and direct our growth.

Job Responsibilities

• Work with Winmill colleagues to organize and execute ASP.Net C# Web Forms projects
• Configure and customize existing Winmill applications to suit client-specific needs
• Maintain and enhance Winmill-specific software and application components
• Work effectively with HTML, JavaScript, AJAX and web server processing
• Possess familiarity with and be comfortable developing in mobile or cloud environments such as AWS or Azure.
• Understand use of XML, web services and other application integration technologies or API’s such as email services and online payment processing
• Work with SQL databases, primarily SQL Server, creating and updating queries, stored procedures and functions.

Job Requirements

• 10+ years of professional system implementation experience
• Command of ASP.Net/C# including Web Forms
• General ASP.NET framework
• Web application and web forms software design patterns
• State and memory management in ASP.NET
• Page life cycle and HTTP request handling
• Asynchronous and synchronous web programming
• Expert user of Microsoft SQL Server and TransactSQL, plus query creation and tuning
• Expert user of Ajax and JavaScript tools such as jQuery
• Experience with database design, including use of SQL Server Integration Services (SSIS)
• Experience with reporting tools such as Crystal Reports and Microsoft ReportViewer or Reporting Services
• Experience with modern front facing web technologies (HTML5/CSS/JS), building solutions that are scalable, secure and customer facing.
• Experience with modern javascript web frameworks, nodeJS preferred.
• Experience building complex but static web front end solutions compatible with serverless hosting using React/Gatsby.
• Experience with REST APIs & development in a CI/CD environment.
• Knowledge of mobile development with tools such Xamarin, Ionic or React Native a plus
• Knowledge of cloud development such AWS or Azure a plus
• Experience with website setup and configuration, specifically with IIS
• Excellent verbal and written communication skills
• Candidate must be legal to work in the US
• Bachelor of Science in Computer Science, Mathematics or a related discipline, or commensurate professional experience is preferred