Coalfire is hiring a
Senior Consultant Penetration Tester in United States

Summary

Coalfire is seeking a Senior Consultant to support their Application Security team. The role involves leading engagements, assessing application security, advising clients on technical security activities, and contributing to thought leadership initiatives. The ideal candidate has at least 5 years' experience in a consulting/professional services role, 5 years' experience in Application Security and/or Software Development, and strong understanding of various compliance frameworks.

Requirements

• Minimum of 5 years’ experience in a consulting/professional services role
• Minimum of 5 years’ experience in Application Security and/or Software Development
• Experience testing against one or more IT security compliance frameworks, such as PCI, FISMA, HIPAA, FedRAMP, or HITRUST
• Familiarity with Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP), Software Assurance Maturity Model (SAMM), National Institute of Standards and Technology (NIST) Special Publications, and PTES (Penetration Testing Execution Standard)
• Excellent verbal and written communication skills

Responsibilities

• Lead engagements, assessing the security and compliance of various types of client applications and supporting infrastructure
• Advise clients on technical security or compliance activities
• Manage priorities and tasks to achieve utilization targets
• Operate with professionalism both internally and with clients
• Ensure quality reports and services are delivered efficiently and on time
• Continue to develop professional skills with relevant industry specific certifications or training
• Collaborate with project managers, quality management, sales and other delivery team members to drive customer satisfaction and meet project deliverables
• Escalate client and project-related issues to management in a timely manner to inform and engage the necessary resources to address the issue

Preferred Qualifications

• Software development/engineering
• Cloud Service penetration testing tradecraft and methodologies across multiple service providers (e.g. AWS, GCP, etc.)
• Mobile platform penetration testing tradecraft and methodologies across both widely-used platforms (iOS and Android)
• Network/host-based penetration testing tradecraft and methodologies
• Cloud Service penetration testing specifically against AWS and GCP services
• Mobile device and application penetration testing on both iOS and Android platforms

Benefits

• Flexible work model that empowers you to choose when and where you’ll work most effectively – whether you’re at home or an office
• Paid parental leave
• Flexible time off
• Certification and training reimbursement
• Digital mental health and wellbeing support membership
• Comprehensive insurance options