Senior Application Security Consultant

Responsibilities:

• Lead engagements from start to completion, working closely with internal and external teams.
• Provide application security services including design review and pen-testing of web, mobile, or desktop applications using automation tools as well as manual methods.
• Create and deliver application security design documents and risk assessment reports.
• Design application security solutions to meet clients’ needs.
• Review issues identified and related remediation with clients and assist with implementation.
• Work closely with client’s development teams and assist with secure development activities
• Champion cross-domain collaboration and coordination of security efforts.
• Provide Application Security subject matter expertise, peer reviews, and mentorship.
• Assist with Cloud Infrastructure security and engagements in other domains as appropriate.
• Contribute to Forward Security’s growth and role as an industry leader by delivering best-in-class services.
• Assist with technical sales of application security and other services.
• Identify areas for process improvement and automation, and aid in efforts to implement the recommendation as appropriate.
• Provide regular updates to Forward Security leadership on key activities, metrics, accomplishment, and blockers.
• Partake in educational activities including attending appropriate training and conferences.

Requirements

• Bachelor’s degree in Computer Science, Computer Engineering or equivalent.
• 3+ years of work experience in an Information Security role, with min. 2 year in Application Security.
• 2+ years of modern software development experience (API expertise is a plus).
• Strong understanding of secure software design, development methodologies, and principles.
• Good knowledge of programming languages such as Java, JavaScript, C#, Python, or C/C++, as well as related application development frameworks.
• Ability to identify and protect against web and mobile applications security vulnerabilities including those found in the OWASP Top 10 and CWE Top 25.
• Experience with static and dynamic security analysis tools, as well as black-box and white-box methodologies.
• Knowledgeable of tactics, techniques, and procedures used for software security exploitation.
• Experience with application security architecture, design consulting, and risk assessment using industry leading processes and methodologies.
• Ability to create and execute test plans and provide supporting documentation and metrics.
• Knowledge of authentication and authorization protocols such as OpenID, OpenID Connect, OAuth, and SAML, as well as applied cryptography.
• Familiarity with cloud platforms and automated security assessment tools
• Contributions to the security community such as research, presentations, public CVEs, bug-bounty recognitions, open-source projects, and blogs or publications.
• Highly motivated, self-starter, team player, and driven to overcome obstacles.
• Excellent communication and executive-level presentation skills.
• Passionate about software and security with an Ethical Hacker mindset.