The Senior Application Security Consultant executes professional service offerings, including support and execution of application and penetration testing services. This individual is responsible for managing client relations, executing assigned technical projects, and delivering quality work deliverables in an efficient and thorough manner. The Senior Application Security Consultant must understand a wide range of technologies and compliance frameworks to satisfy clients' needs and expectations. Due to the nature of the position, consultants are expected to travel throughout the year depending on customer requirements.
Primary Duties and Responsibilities include, but are not necessarily limited to, the following:
- Guide and perform security activities, including risk assessments, intrusion and vulnerability testing, code review, static and dynamic code testing, and penetration testing of web applications
- Perform findings/vulnerabilities analysis, document results, engage with high-level personnel, discuss findings, provide recommendations, explain testing techniques, and stay current on weaknesses and vulnerabilities.
- Execute engagements, either solo or as a team lead, and produce quality deliverables that meet client business objectives.
- Take a leadership and training role for all new consultants joining the professional services group with a focus on web applications.
- Assist with the development of internally and publicly released DirectDefense tools that will be defined by management.
- Adhere to DirectDefense's customer commitment.
Minimum Education & Experience
- 5+ years of information security, development, and/or testing experience.
- Knowledge and experience in application technology security testing, including white box, black box, and code review
- Current Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), CISA or similar certifications.
- In-depth knowledge of OWASP Top 10 weaknesses, and the OWASP testing frameworks.
- Extensive experience with testing tools such as Metasploit, Burp Suite, Kali Linux and others.
- In-depth knowledge of Microsoft Active Directory, networking and TCP/IP.
- Minimum of 2 years of experience in a consulting services role, or related internal information security positions
- Bachelor's degree in a relevant discipline or equivalent experience
- Willingness to travel up to 20%