Senior Application Security Consultant
Application Security | New York, NY, United States

Basic Function                                      

  • Perform whitebox (source-based) application security assessments
  • Perform blackbox application security assessments
  • Perform application security architecture and risk assessments
  • Perform secure development lifecycle (SDL) process assessments
  • Report to clients and assist in remediation of findings from assessments
  • Develop application security standards and policy documentation
  • Develop and lead of application security training
  • Assist clients in developing of application security solutions
  • Assist in sales, scoping, and marketing of application security engagements
  • Development of consulting methodologies and process


Required Qualifications                     

  • Minimum of 7 years of professional experience in computer security or software development
  • Experience researching, developing, and applying new technologies and methodologies
  • Experience with cloud and virtualization environments
  • Experience with mobile applications and devices
  • Exceptional communication skills, both oral and written.
  • Intermediate administration skills for Windows and/or Unix systems
  • Intermediate TCP/IP networking knowledge (including networking architecture, firewall configuration, and DMZ layout)
  • Advanced Web technology knowledge (i.e., HTTP, HTML, SQL)
  • Advanced knowledge of the detection, exploit, and prevention of software vulnerabilities (i.e., SQL Injection, XSS, buffer overflows)
  • Excellent self-tasking skills
  • Professional certification strongly encouraged


Travel Required                                    Up to 50% per year


Education Requirements                   Master’s Degree in Computer Science with an emphasis in Computer Security (or equivalent experience) to include:

  • Minimum 5 years of experience with multiple major programming languages (C/C++ and Java preferred)
  • Intermediate knowledge of software design and engineering processes
  • Advanced knowledge of software security processes and implementation


Certifications (preferred, but not required)

  • Certified Information Systems Security Professionals® (CISSP®)
  • Certified Information Security Manager® (CISM®)
  • Certified Information Systems Auditor® (CISA®)
  • Microsoft Certified Solution Developer® (MCSD®)
  • Sun Certified Java Developer® (SCJD®)