We run a job posting and resume searching website for the oil and gas industry. Security is a priority for us and to improve the sites security we would like to implement the following.
All employer's can currently register using any email address, yahoo, hotmail, gmail etc. We have stated that we will remove all employer accounts that use such addresses as their primary contact email under the registration yet they continue to do so. This is an issue, as we need to be sure they are who they say they are! so.........
We would like an automated process where we, the administrators could add domains such as [url removed, login to view] [url removed, login to view] etc to a table and if an "employer" attempts to register with such an account listed in this table they are refused, informed why and asked to use another address.
All users, (employers and jobseekers) must authenticate their registered email address by clicking on a link sent to them (to the email address) upon registration. If they do not click the link/URL within a specified time period the account is deleted. Once they have authenticated against this link they can then log in and the account is active.
1. You should be familiar with the WebJobs product from WebScribble
2. Communication skills should be good
3. Excellent PHP/MYsql skills/knowledge
Proven experience with web site security is a BIG bonus!!