Global Security Consultant - Application Security

Bethesda, MD
Mar 14, 2018
Mar 15, 2018
Full Time
The Global Security Consultant in the global practice should be an advisor and pragmatic management consultant who can speak to the security landscape and communicate effectively with senior members of a client's management and/or executive teams. The consultant should have a depth of knowledge and experience in Application Security. However, the consultant should also, at some level, be able to speak to the breadth of the security landscape. The successful candidate will perform application security assessments, code reviews, and Software Development Life Cycle (SDLC) security consulting in a customer environment. The candidate will be responsible for identifying specific and systemic security issues within applications and the application development and lifecycle maintenance process. The consultant will also be a resource for the client in establishing and expanding the base of client knowledge in the area of application security. Must be willing to travel 75% annually, including international travel.

Projects may include:
* Performing application vulnerability and security assessments
* Performing application security risk assessments
* Performing code review across a variety of programming languages
* Performing assessments of SDLC processes
* Performing threat modeling
* Developing testing scripts and procedures
* Developing and delivering application security training and outreach
* Creating gap analysis and client improvement program recommendations
* Other security-related projects that may be assigned according to skills

Candidates must have demonstrated experience in successfully completing tasks and delivering professionally written reports for clients. Must have the ability to present findings to technical staff and executives.

* Effective communication and presentation skills
* The ability to lead large groups and be a primary facilitator
* Demonstrated written skills
* Comfortable working in a project-based / client-serving model
* Ability to lead and shape client expectations
* Help drive pursuits and engage in complex deals, matching outcomes to expectations
* Ability to work easily with diverse and dynamic teams
* Ability to work in a matrix management model
* Preference for candidates with secondary language skills
* Application security experience with major programming languages (e.g., Java, C, C++, .NET (C#, VB))
* Experience leading software development projects
* Experience with threat modeling and security risk assessments

Required Technical and Professional Expertise
* At least 3 years experience working on projects related to Application Security
* At least 5 years experience in IT and / or software development
* Experience in application code review methods and standards
* Experience in application development and coding
* Experience in OWASP Top 10 vulnerabilities, tools and methodologies
* Experience in and an understanding of HTTP protocol and web programming
* Experience in common application security requirements
* Experience in standard Software Development Life Cycle (SDLC) practices
* Experience working across diverse teams to facilitate solutions
* Self-motivated individual with the ability to work in a high-achieving team environment as well as independently
* Readiness to travel 75% annually, including international travel

Preferred Tech and Prof Experience
* At least 5 years experience in management consulting and systems integration
* At least 5 years experience in Application Security
* At least 8 years experience in IT and / or software development
* Experience with web application development
* Familiarity with vulnerability scanning tools (e.g., Qualys, Nessus, Nexpose, Saint)
* Familiarity with web application vulnerability scanning tools (e.g., IBM AppScan, HP WebInspect, Acunetix, NTO Spider, Burp Suite Pro)
* Familiarity with static analysis tools (e.g., IBM AppScan Source, HP Fortify)
* Familiarity with interactive and automated penetration testing
* Experience working in an international deployment role
* Experience working with security consulting teams
* Certified in CISSP, CEH, and/or CSSLP
