Do you have a coding background and enjoy learning about, finding, and addressing security vulnerabilities? Do you want to work with a team of application security experts conducting security assessments, penetration testing, research, and consulting?
We are seeking motivated and dedicated professionals to join our client’s team. We have an immediate position open for an Application Security Consultant, which is a technical role that conducts application security testing and leads projects on our client’s team. Teams work to conduct application-layer security assessments, penetration testing, threat modeling, secure SDLC consulting, and conducting research in this important field.
All employees are encouraged to continue to develop both their technical skills and consultative soft-skills. Accomplished employees are given opportunity to lead team members on engagements, lead training events, conduct research, and provide guidance to clients for implementing remediation fixes for identified risks.
- Apply testing methodologies and tools to complex applications for finding weaknesses and consulting opportunities.
- Maintain application development knowledge and skills to support internal methods, services, and consultative value.
- Lead assessment engagements according to our defined methodology, collaborating with team for support, and taking ownership of the result.
- Consult on secure development methods in a business-friendly manner.
- Maintain knowledge and be able to consult on various industry regulations as they apply to secure application development.
- Participate in research and development efforts to improve internal security practices and team skills.
- Work singularly and within a small team using in-person meetings as well as remote collaboration technologies.
- Manage personal work time with little supervision while meeting internal and external client deliverable deadlines.
- Consider opportunities to speak or write publicly about areas of expertise.
Demonstrable knowledge of:
- Web, mobile, and thick client application technologies and platforms
- Modern development frameworks such as .Net and Java
- AppSec tools such as Burpsuite, OWASP ZAP, ILSpy, dnSpy, JD-GUI, x64dbg, Frida, dex2jar, apktool
- Application security principles, risks, attacks, and resources such as OWASP
- Software Development Lifecycles and development practices
- Leading and taking responsibility for the success of a project
- Planning, communication, writing, and consulting soft skills
- Project leadership, communication, and consulting
Passing knowledge of:
- General networking principles and IT administration basics.
- Encryption methods, disciplines and technologies
- Technical management and IT business concepts.
- BS or higher in Computer Science, Mathematics, or equivalent.
- Directly relatable on-the-job experience of 2yrs or more.
- IT security related: 2 years (Preferred)
- Software Development: 3 years (Required)