HuntSource has the joy of partnering with a well-known and established security consulting organization primarily specializing in Web Application Security. They are trusted by some of the nation's biggest and most critical organizations to guide and build best practices into engineering and development lifecycles across applications, OS, networks, mobile, cloud, and IoT.
They are looking for a Senior Application Security Consultant to make an immediate impact integrating security into the SDLC and supporting manual code reviews and penetration testing.
This is a full-time, 100% remote flexible position with zero travel expectations. Must sit in the United States.
SUMMARY OF RESPONSIBILITIES
- Perform source code reviews (2 or more of Python, Java, C++, .NET, Ruby, PHP, etc.)
- Conduct dynamic testing (DAST) on applications or devices, and prepare documentation for clients
- Deliver deep security analysis across one or more of web, mobile, IoT, and cloud
- Devise novel approaches to securing software through collaboration with engineering teams
- Security Automation & Custom Analysis: contribute to internal toolkits and methods
QUALIFICATIONS & REQUIRED EXPERIENCE
- 3+ years of dedicated Application Security experience, preferably within consulting or enterprise-level environments (financial services a big plus)
- Strong expertise in performing Web Application security assessments including manual source code reviews and dynamic/hybrid testing
- Able to identify vulnerabilities outside of those simply revealed by automated scanning - dive deeper!
- Exude confidence in explaining technical details to both technical and non-technical audiences
- Collaborate and work directly with software and security teams to enhance the security posture of their systems
- Strong experience with testing development frameworks using one or more of the following languages:
- Capable of and enjoys mentoring junior and mid-level consultants
- Passion for exploring software and identifying ways it can be attacked and defended. Again - PASSION!
- Experienced with a blend of mobile, network, cloud (AWS), and containerization with Kubernetes and Docker
- Knowledge of cloud-based architectures (AWS, GCP, Azure), as well as patterns including cloud-native systems and microservices