Cyber Security - Application Development
Our client is an information security consulting company that was founded to empower organizations to operate in harmony through simple, effective security programs.
The Application Security Consultant II will report to the Manager of Technical Services and be a part of the Blue Team consulting practice, working both independently and as part of a team to:
• Partner with potential, new, and existing clients to develop trusted relationships and new opportunities.
• Lead and participate on project implementation teams for client engagements, including consulting with development teams to facilitate the identification and remediation of web application vulnerabilities.
• Quickly gain a working knowledge of customer’s IT/Security environments through conversations and
• Advise others of information security concepts using presentations, reports, code samples, and
• Leverage modern technology solutions to solve legacy application and infrastructure problems.
• Use code to programmatically perform job duties, such as identifying risks and/or automating the identification of and response to malicious actions.
• Create, develop, mature, and contribute to the catalog of services.
• Contribute to the security community, through open source code contributions, presenting at and attending local security events, and networking with local security professionals.
• Support client engagements, such as those being led by the Red Team and/or GRC Team.
• Continually research and learn new technologies and techniques through a mix of self-guided and formal training.
QUALIFICATIONS AND EDUCATION REQUIREMENTS
• Demonstrated experience working with cloud providers such as AWS, Azure, or GCP.
• Demonstrated experience working with git, docker, SAST, DAST, and related CI/CD tooling.
• Experience working with containerized workloads and related management or orchestration options such as Kubernetes.
• Demonstrated knowledge in software quality assurance and code review techniques, with an interest in the integration of security within the software development lifecycle.
• Familiarity with common security frameworks and regulations such as SOX, HIPAA, PCI-DSS, GDPR, NIST 800-171, CMMC, ISO 27001/2, and SOC 2.
• Clear understanding of emerging development trends, including cloud native architectures, DevOps, and microservices.
• Expert knowledge of all major Operating Systems, including Windows, macOS, and Linux.
• Proficiency in at least one programming language such as Python, Java, Ruby, C++, Golang, or PowerShell.
• Flexibility to accommodate changing schedules of client and project needs and willingness to work extended hours when needed.
• Experience with and understanding of infrastructure-as-code tooling such as Packer, Terraform, Ansible, InSpec, and Terragrunt.
• A history of using and contributing to open source projects or developing software as a part of a team.
• Experience analyzing and using large amounts of data, such as logs and network traffic, to defend an organization through the use of proprietary and open source technologies.
• Experience working in software development with a focus on, or demonstrated interest in and knowledge of, application security.
• Experience working with intrusion detection and prevention, network security monitoring, host security and hardening, networking and system administration, cryptography, and/or database administration.
• Strong task management and self-management skills, problem solving/critical thinking skills, and verbal and written communication skills.
• Ability to work asynchronously and autonomously on assignments, tasks, and projects
• CISSP or equivalent training and certification.
• Prior consulting experience, especially with a focus on partnering with companies to improve the robustness of their security program or to establish a robust security program from scratch.
• Ability to describe and communicate complex technical security concepts to technical and non-technical
• Strong written and verbal communication skills, including the ability to present at information security events and conferences, and to curate content such as writing blog posts and written reports.