Coalfire is hiring a
Consultant Penetration Tester in United States

Summary

Coalfire is seeking a Consultant for its Application Security team. The successful candidate will work independently and collaboratively with a team to assess the security of client applications and support infrastructure, lead penetration testing projects, advise clients on technical security matters, and contribute to thought leadership initiatives. The role requires a proven track record in managing client engagements, understanding of the Secure Development Life Cycle, knowledge of popular web technologies, and excellent communication skills.

Requirements

• Proven track record of success managing client engagements
• A thorough understanding of the Secure Development Life Cycle
• A working knowledge of popular web technologies and languages such as .NET, Java EE, Node.js , Rails or JavaScript
• Working knowledge of web service protocols and hosting technologies
• Familiarity with code scanning and dynamic analysis tools
• Application penetration testing and assessment tradecraft and methodologies (including browser-based, API, thick client, and mobile testing)
• Strong working knowledge of at least two programming or scripting languages, and the ability to read code regardless of the language in which it is written
• Excellent verbal and written communication skills, including technical writing of assessment reports, presentations, and operating procedures
• Client-centric consulting with high level of collaboration
• Strong understanding of security principles, policies, and industry best practices

Responsibilities

• Work independently and collaboratively with a team to both lead and support engagements
• Application Penetration Testing (Browser-based, API, Mobile, IoT, Cloud)
• Threat Modeling
• Advise clients on technical security or compliance activities
• Manage priorities and tasks to achieve utilization targets
• Operate with professionalism both internally and with clients
• Ensure quality reports and services are delivered efficiently and on time
• Collaborate with project managers, quality management, sales and other delivery team members to drive customer satisfaction and meet project deliverables
• Communicate with client stakeholders to include leadership, systems and network administrators, security engineers, development, and support teams
• Enhance and maintain cloud service provider technical testing methodologies and standards
• Lead and support penetration testing projects through their entirety
• Contribute to thought leadership initiatives through blogs, conference speaking, and/or R&D functions

Preferred Qualifications

• Experience in a consulting/professional services role
• Experience in Application Security and/or Software Development

Benefits

• Flexible work model that empowers you to choose when and where you’ll work most effectively – whether you’re at home or an office
• Opportunities to join employee resource groups, participate in in-person and virtual events
• Paid parental leave
• Flexible time off
• Certification and training reimbursement
• Digital mental health and wellbeing support membership
• Comprehensive insurance options