Application Security Consultant

Overview

Remote
Depends on Experience
Accepts corp to corp applications
Contract - W2
Contract - Independent
Contract - 6 Month(s)

Skills

Application Security
DAST
SAST
Threat Modelling
AppScan
OWASP
OWASP Top 10
AppSec

Job Details

Application Security Consultant
Remote Work


Required Qualifications:

Technical Competencies
In depth comprehension of the OWASP Top 10 and an ability to communicate with developers and application architects. Development or software architecture background is preferred.
Experience working with application security frameworks such as BSIMM and SAMM
Expertise in performing cloud architecture reviews, application risk assessments and threat modeling
Experience in integrating security controls into all forms of SDLC including automation into a CI/CD pipeline
Analyzes business impact and exposure based on emerging security threats, vulnerabilities and risks, and recommends technologies and solutions to mitigate them.
Implement security considerations for in house developed, COTS and SaaS solutions
Translates technical concepts into plain language to show business risk
Collaborates with developers and software architects to adjust designs to securely meet business and technical requirements

Cultural Competencies
o Comfortable operating in an environment with constant change and ambiguity
o Demonstrated experience mentoring others by providing technical guidance to project teams
o Build relationships with development, software architecture and product management stakeholders
o Experience working in highly regulated environments subject to HIPAA, HITrust, PCI or other related


Preferred Qualifications:
o Bachelor's degree in an IT-related field strongly preferred; post-graduate degree is a bonus, but not required
o Knowledge and experience with the configuration of security controls and secure migration of enterprise applications to one of the major cloud providers such as Azure (preferred), Amazon Web Services, or Google Cloud.
o Experience with CI/CD pipelines
o Automation and standardisation of software security controls, particularly into a CI/CD pipeline
o Communicate the need for security controls to a business audience, including justification of spend and effort
o CISSP, CISM or equivalent
o GIAC or Offensive Security certifications
o Cloud Architecture and/or Cloud Security Certifications (AWS, Azure, Google Cloud Platform)
o Cloud Security Alliance (CCSP, CCSK) (ISC)2

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.