Seattle, Washington:
150 Nickerson Street
Suite 106
Seattle, WA 98109
Phone: 206-352-6028
Fax: 206-633-0235
Louisville, Colorado:
361 Centennial Parkway,
Suite 150
Louisville, CO 80027
Phone: 303-554-6333
Fax: 303-554-7555
Application Security Auditor
Definition
Coalfire is currently seeking programmers with 2-3 years of
formal application development experience to train and develop into
application security auditing and advisement specialists. This is an
exciting and rapidly expanding service sector, particularly supporting the
Payment Card Industry (PCI) where all payment applications and platforms are
being asked to demonstrate compliance with stringent regulations to stay
competitive within the merchant and service provider market space. These
positions are open in our Seattle and Boulder offices.
As part of the training process, Coalfire will help you
achieve important security auditing certifications such as CISSP, CISA and
CISM, and PCI-associated application audit certifications. Additionally, our
application auditors develop a deep understanding and valuable capabilities
in implementing an effective Security Development Lifecycle (SDLC) in
diverse IT environments.
Participate in application security audits, primarily for VISA
CISP (PCI), Sarbanes-Oxley (SOX), HIPAA and GLBA compliance. Perform
application penetration testing as required. Establish control criteria to
evaluate applications, document controls deployed within client
applications, identify gaps in compliance with control criteria, prepare
remediation roadmaps to assist clients in achieving compliance and
design/conduct tests to ensure control objectives are met. Consolidate all
control documentation and test results in an audit report and present
(verbally and in writing) the results of the audit to senior management at the
client company. Perform additional related duties as required.
Qualifications
A broad range of experience and education is necessary to provide
the requisite range of technical, administrative, and programming skills.
Typically, the successful candidate will have a BS Degree in
computer science, information technology/operations or related field
and/or 2-3 years of experience in programming or development project
management of enterprise-class applications and the desire to learn
application auditing and documentation.
Knowledge of enterprise programming and solutions
architectures is required. Knowledge of core IT security principles and
domains is highly desirable with knowledge of regulatory or compliance
requirements a major plus, as well as general familiarity with application
security best-practices, such as the Open Web Application Security Project
(OWASP) or Microsoft Application Security Resources. Experience in
developing or participating within a formal software development lifecycle is
important.
Ability to program in at least one enterprise programming
language (VB.NET, C#, C++, J2EE/J2SE) is essential. Candidate must also be
able to understand key systems and networking security issues, and how the
former are impacted by insecure applications.
Candidate must be able to write and speak at a professional
level with the ability to lead or participate in teams and present verbal
and written findings and audit results to executive-level management. Past
IT audit or audit management experience is valuable, but not required.
Contact
Please submit resumes to: