Title: Sr. Application Security Consultant
Location: Anywhere, USA - 100% Remote
Terms: Direct Hire / Perm W2
Level: Consultant Level 3 (leads and is responsible for all aspects of a client project and responsible for all of the client's applications - client facing)
Direct Reports: None but mentoring and training more junior security consultants
Salary/Rates: Targeting 125-170K Plus Bonus Opportunity. Open to all levels of salary requests depending on level of experience.
3 Most Important Requirements
• Actually doing manual web application, single page application, and mobile application assessments with Burp Suite (not just using scanning tools and validating the results)
• Experience and proficiency with testing for all the vulnerabilities in methodology, understanding OWASP Top 10.
• Great at writing documentation and presenting results to clients
- Do you have strong experience with web and mobile application development and application security assessments?
- Do you understand a wide range of technologies, programming languages and application frameworks to identify risks and vulnerabilities in customer systems?
- Do you want to work with a team of application security experts conducting security assessments, penetration testing, research, and consulting?
- We have an immediate position open for a Senior Application Security Consultant, which is an experienced role that leads and conducts complex, nonstandard application security testing, leads and trains multiple team members on engagements, and assists in the ongoing development of the practice.
- Our Client has 3 types of roles within the organization: This is the highest level Consultant Position
- Apprentice (observes and shadows)
- Engineers (responsible for certain elements/tasks on a project and delegating tasks)
- Consultant (leads and is responsible for all aspects of a client project and responsible for all of the client's applications - meeting directly with clients to discuss vulnerabilities)
- Our senior consultants lead teams conducting application-layer security assessments and penetration tests, and conduct research in this important field.
- Our team sees a variety of web technologies including single page applications (SPAs), Android and iOS applications, SOAP and REST services, Web APIs, thick-clients, desktop applications, OAuth implementations, single sign-on, custom network protocols, and more.
- We get to do reverse engineering of .NET, Java, Android and iOS, and other common platforms as part of engagements.
- You will train and support other consultants in gaining the skills required to test these applications thoroughly.
- As a Senior Application Security Consultant, you will be expected to be able to assess complex applications on day one as well as demonstrate superior consulting, project leadership, communication, and writing skills.
Demonstrable knowledge of:
- Consult with technical and non-technical client stakeholders
- Lead complex, nonstandard projects as well as train less experienced consultants and make them successful on projects
- Take on new technologies that are unfamiliar, research them, and perform a comprehensive assessment on that component
- Apply testing methodologies and tools to perform penetration testing and assessments on complex applications.
- Maintain application development knowledge and skills to support the organization's methods, services, and consultative value.
- Lead assessment engagements according to our defined methodology, collaborating with the team for support, and taking ownership of the result.
- Manage priorities and tasks to achieve utilization targets.
- Participate in research and development efforts to improve Security PS practices and team skills.
- Manage personal work time with little supervision while meeting internal and external client deliverable deadlines.
- Collaborate with senior consultants and sales to assist in scoping efforts for incoming sales requests and deliverables.
Passing knowledge of:
- Extensive experience performing manual penetration testing and assessments on web applications, Single Page Applications, Mobile Applications, Desktop Applications, Web Services (SOAP & REST), and OAuth implementations.
- 3-5 Years of .NET C# Software Development Background
- Ability to reverse engineer Java, .NET, .NET Core and Android applications.
- Able to write deliverable reports, including executive summaries and presentations, and status reports for clients
- Proficient at using Burp Suite Professional to manually identify and exploit vulnerabilities
- AppSec tools such as ILSpy, dnSpy, JD-GUI, apktool (other tools that would be nice to have)
- Application security principles, risks, attacks, and resources from sources such as the OWASP (Open Web Application Security Project) Testing Guide, the OWASP Top 10, and Burp Web Academy
- Excellent project management, leadership, time management, and client consulting skills
- General networking principles and IT administration basics.
- Encryption methods, disciplines and technologies
- Technical management and IT business concepts.
- Direct work experience performing application penetration testing or assessments
- Ability to begin testing immediately with guidance on Security PS’s specific methodology
Covenant Consulting strives to attract, cultivate and retain exceptional talent. If you feel you are a match for the position, and are interested in a great growth opportunity, we encourage you to contact email@example.com.
Covenant Consulting is a Technology Services Provider offering project-based IT consulting, IT staffing and IT recruiting services. Every partnership reflects our uncompromising commitment to quality and integrity. We have extensive experience and capabilities in project-based consulting, short and long-term staff augmentation, and permanent recruitment. We work with companies of every size, across many industries and have the flexibility to scale solutions to meet our client's specific needs.