Title: Sr. Application Security Consultant / Reverse Engineer
Location: Anywhere, USA - 100% Remote
Terms: Direct Hire / Perm W2
Level: Consultant Level 3 (leads and is responsible for all aspects of a client project)
Direct Reports: None
Salary/Rates: Commensurate with Experience (Targeting 100-125K). Some flex here depending on experience.
- Do you have a strong experience with web and mobile application development and application security assessments?
- Do you understand a wide range of technologies, programming languages and application frameworks to identify risks and vulnerabilities in customer systems?
- Do you want to work with a team of application security experts conducting security assessments, penetration testing, research, and consulting?
- We have an immediate position open for a Senior Application Security Consultant, which is an experienced role that leads and conducts complex, nonstandard application security testing, leads and trains multiple team members on engagements, and assists in the ongoing development of the practice.
- Security PS has 3 types of roles within the organization: This is a Consultant Level Position
- Apprentice (observes and shadows)
- Engineers (responsible for certain elements/tasks on a project and delegating tasks
- Consultant (leads and responsible for all aspects of a project).
- Our senior consultants lead teams to conduct application-layer security assessments, penetration tests, and conduct research in this important field.
- Our team sees a variety of web technologies including single page applications (SPAs), Android and iOS applications, SOAP and REST services, desktop applications, OAuth implementations, single sign-on, custom network protocols, and more.
- We get to do reverse engineering of .NET, Java, Android, and other common platforms as part of engagements.
- You will train and support other consultants in gaining the skills required to test these applications thoroughly.
- As a Senior Application Security Consultant, you will be expected to be able to assess complex applications on day one as well as demonstrate superior consulting, project leadership, communication, and writing skills.
Demonstrable knowledge of:
- Consult with technical and non-technical client stakeholders
- Lead complex, on-standard projects as well as train less experienced consultants and make them successful on projects
- Take on new technologies that are unfamiliar, research them, and perform a comprehensive assessment on that component
- Apply testing methodologies and tools to perform penetration testing and assessments on complex applications.
- Maintain application development knowledge and skills to support Security PS methods, services, and consultative value.
- Lead assessment engagements according to our defined methodology, collaborating with the team for support, and taking ownership of the result.
- Manages priorities and tasks to achieve utilization targets.
- Participate in research and development efforts to improve Security PS practices and team skills.
- Manage personal work time with little supervision while meeting internal and external client deliverable deadlines.
- Collaborates with senior consultants and sales to assist in scoping efforts for incoming sales requests and deliverables.
Passing knowledge of:
- Extensive experience performing manual penetration testing and assessments on web applications, Single Page Applications, Mobile Applications, Desktop Applications, Web Services (SOAP & REST), and OAuth implementations.
- 3-5 Years of .NET C# Software Development Background
- Ability to reverse engineer Java, .NET, .NET Core and Android applications.
- Able to write deliverable reports, including executive summaries and presentations, and status reports for clients
- Proficient at using Burp Suite Professional to manually identify and exploit vulnerabilities
- AppSec tools such as ILSpy, dnSpy, JD-GUI, apktool (other tools that would be nice to have)
- Application security principles, risks, attacks, and resources from sources such as the OWASP Testing Guide (Open Web Application Security Project) and Burp Web Academy
- Excellent project management, leadership, time management, and client consulting skills
- General networking principles and IT administration basics.
- Encryption methods, disciplines and technologies
- Technical management and IT business concepts.
- Direct work experience performing application penetration testing or assessments
- Ability to begin testing immediately with guidance on Security PS’s specific methodology
Covenant Consulting strives to attract, cultivate and retain exceptional talent. If you feel you are a match for the position, and are interested in a great growth opportunity, we encourage you to contact email@example.com.
Covenant Consulting is a Technology Services Provider offering project-based IT consulting, IT staffing and IT recruiting services. Every partnership reflects our uncompromising commitment to quality and integrity. We have extensive experience and capabilities in project-based consulting, short and long-term staff augmentation, and permanent recruitment. We work with companies of every size, across many industries and have the flexibility to scale solutions to meet our client's specific needs.