
Senior Application Security Consultant

TECIE - Remote, Canada
Negotiable
Full Time
IT & Software Development
C# CWE JavaScript OWASP Python

Responsibilities:

  • Lead engagements from start to completion, working closely with internal and external teams.
  • Provide application security services including design review and pen-testing of web, mobile, or desktop applications using automation tools as well as manual methods.
  • Create and deliver application security design documents and risk assessment reports.
  • Design application security solutions to meet clients’ needs.
  • Review issues identified and related remediation with clients and assist with implementation.
  • Work closely with clients’ development teams and assist with secure development activities.
  • Champion cross-domain collaboration and coordination of security efforts.
  • Provide Application Security subject matter expertise, peer reviews, and mentorship.
  • Assist with Cloud Infrastructure security and engagements in other domains as appropriate.
  • Contribute to Forward Security’s growth and role as an industry leader by delivering best-in-class services.
  • Assist with technical sales of application security and other services.
  • Identify areas for process improvement and automation, and aid in efforts to implement the recommendations as appropriate.
  • Provide regular updates to Forward Security leadership on key activities, metrics, accomplishments, and blockers.
  • Partake in educational activities including attending appropriate training and conferences.

 

Requirements

  • Bachelor’s degree in Computer Science, Computer Engineering or equivalent.
  • 3+ years of work experience in an Information Security role, with min. 2 years in Application Security.
  • 2+ years of modern software development experience (API expertise is a plus).
  • Strong understanding of secure software design, development methodologies, and principles.
  • Good knowledge of programming languages such as Java, JavaScript, C#, Python, or C/C++, as well as related application development frameworks.
  • Ability to identify and protect against web and mobile application security vulnerabilities, including those found in the OWASP Top 10 and CWE Top 25.
  • Experience with static and dynamic security analysis tools, as well as black-box and white-box methodologies.
  • Knowledge of tactics, techniques, and procedures used for software security exploitation.
  • Experience with application security architecture, design consulting, and risk assessment using industry leading processes and methodologies.
  • Ability to create and execute test plans and provide supporting documentation and metrics.
  • Knowledge of authentication and authorization protocols such as OpenID, OpenID Connect, OAuth, and SAML, as well as applied cryptography.
  • Familiarity with cloud platforms and automated security assessment tools.
  • Contributions to the security community such as research, presentations, public CVEs, bug-bounty recognitions, open-source projects, and blogs or publications.
  • Highly motivated, self-starter, team player, and driven to overcome obstacles.
  • Excellent communication and executive-level presentation skills.
  • Passionate about software and security with an Ethical Hacker mindset.