Remote Senior Application Security Consultant

closed
GuidePoint Security

πŸ“Remote - Worldwide

Job highlights

Summary

Join GuidePoint Security's elite team of Application Security experts as a Senior Application Security Consultant, delivering strategic Application Security services to clients and contributing to the Practice's offerings by evolving them in response to emerging threats and diverse client needs.

Requirements

  • Direct hands-on experience in performing application security service offerings, including but not limited to application threat modeling, application architecture reviews, and application security program (SDLC) assessments
  • Experience and working knowledge of application security controls, application architectures, database architectures, application security requirements, and industry standards and frameworks
  • Operational DevSecOps experience
  • Experience writing code in JavaScript, shell, Python, Java, C++, PHP, or C# is preferred
  • Strong communication skills that include the ability to clearly articulate thoughts and distill complex problems into digestible pieces of information during live conversations, formal deliverables, white papers, and case studies
  • InfoSec community involvement, such as conference speaking, blog/whitepaper authoring, and podcast speaking/producing experience, is strongly preferred
  • Standard industry certifications are preferred
  • Minimum of 4 years of experience in Application Security or related roles
  • Minimum of 2 years of experience in a consulting services role or related internal information security positions
  • Bachelor's degree in a relevant discipline or equivalent experience

Responsibilities

  • Delivering Application Security services, including but not limited to Application Threat Modeling, Application Architecture Reviews, and Application Security Program (SDLC) and DevSecOps Assessments
  • Author comprehensive assessment deliverables that are proficiently tailored to both technical and managerial audiences and fully detail the technical execution, core deficiencies, business impact, and realistic remediation strategies
  • Awareness and understanding of the rapidly changing application security landscape, including open-source and commercial tools, assessment methodologies and approaches, and strategy frameworks, such as OWASP SAMM, OWASP DSOMM, and NIST SSDF
  • Deep understanding of a broad range of application security issues, mitigation strategies, and common application security controls
  • Assist with Practice development, including improving existing offerings, creating new offerings, and mentoring team members
  • Contribute to marketing initiatives via activities such as publishing research, speaking at industry conferences, authoring blog articles and white papers, hosting webinars, and developing security tools
  • Perpetually strengthen relevant skills, knowledge, and abilities to stay at the forefront of the information security industry
  • Foster client relationships by providing support, information, and guidance
  • Maintain a strong desire to learn, adapt, and improve along with a rapidly-growing company
  • Perform other duties as assigned

Benefits

  • 100% employer-paid medical premiums (employee only $0 deductible and HSA plans) along with 75% employer-paid family contributions
  • 100% employer-paid dental premiums (employee only) along with 75% employer-paid family contributions
  • 12 corporate holidays and a Flexible Time Off (FTO) program
  • Healthy mobile phone and home internet allowance
  • Eligibility for retirement plan after 2 months at open enrollment
  • Pet Benefit Option

This job is filled or no longer available