Full-Time Senior Application Security Consultant Based in New York, NY
|PURPOSE OF THE ROLE|
|“Cybersecurity is a science of uncertainty and an art of probability”. Are you ready to solve problems through your strategic thinking and build roadmap adopting consultative approach? Are you passionate enough to try harder until you achieve breakthrough? Are you keen to enhance your knowledge in the ever-evolving technology world?
Client is looking for a Senior Application Security Consultant working as part of their Cybersecurity and Risk services (CRS), to help resolve our client’s various challenges in building an effective, measurable and robust application security program. You will advice / assess security posture of global brands across various industries, and contribute to our thought leadership to integrate your strategic perspective to enhance prevailing process and approach.
|· In software security improvement programs, the security consultant is expected to leverage their capabilities to assist clients in understanding their current posture and propose a contextualised solution to match the organization’s security and business requirements.
· The security consultant is responsible for working with potential clients and shaping up right solutions to be delivered by Implementation Partner.
· Work with Implementation Partner’s venture partners and correlate in embedding their solutions into our overall service portfolio.
· Suggest new approaches and processes to redesign products and solutions related to application security via research and thought leadership.
· Our security consultants make themselves as an indispensable advisor to our clients and build relationship to help create and identify follow-on engagements.
· Willingness to travel 40 to 60%.
· In-depth understanding of web technologies, common web frameworks, their vulnerabilities and mitigations techniques.
· Demonstrable experience in secure coding practices in common programming languages such as Java and C#.
· Strong understanding and implementation of various Thread Modelling concepts.
· Knowledge about modern security architectural principles around web and micro services.
· Good understanding of cloud infrastructure concepts (virtualization, containerization), OAuth / SAML / OpenID and HTTP protocol.
· Know-how of embedding security into DevOps model.
· Ability to interface with clients, adopting a consultative approach.
· Ability to communicate complex ideas effectively – both verbally and in writing.
· Strong analytical and problem solving skills.
· Ability to translate ideas and thoughts into powerful and effective presentation /andreports.
· Ability to learn quickly and apply learnings to produce effective results.
Beyond and regardless of what you do at work, you should always:
· Learn few things and keep updating your knowledge
· Speak at conference, write blogs and whitepapers
· Actively participate in the local appsec community chapters
|· 10 to 12 years of in driving and performing application security engagements encompassing threat modelling, architecture reviews, secure coding, penetration testing, and training.
· Desirable – 3 to 5 years of software development experience in Java (J2EE) or C# (.NET Frameworks).
|· Masters / Bachelor’s Degree in Computer Science, Engineering or equivalent from reputed universities.
· Relevant certifications to demonstrate technical skills orientated to application security.
31 total views, 1 today