Application Security Consultant | Remote, USA

Who we are looking for:The Application Security consultant has strong experience with secure application development and application security assessments. The ideal candidate will understand a wide range of technologies, programming languages and application frameworks to identify risks and vulnerabilities in client applications and supporting environments.Our consultants are skilled technical and consultative resources expected to be strong in both technical and soft skills. A consultant must be a proven self-starter with the ability to problem-solve, communicate, participate in diverse project teams from a technical perspective, and interface effectively with customers, vendor partners, and colleagues.

How you’ll make an impact:

• Perform application security assessments, penetration tests, and secure code reviews through client services engagements.
• Write status updates and final deliverables during client engagements.
• Provide tactical and strategic guidance and detailed remediation advice help clients achieve stronger security postures.
• Build and maintain professional relationships with client stakeholders and provide them with information about application security and secure development lifecycle topics.
• Track and monitor current and trending practices in software engineering and application security, including DevOps/DevSecOps and Agile development practices.
• Experience conducting manual secure code reviews, preferably covering multiple development languages.
• Experience leveraging static application security testing (SAST) tools to scan source code, analyze results, validate true positives, remove false positives, and demonstrate exploitability of findings in a dynamic testing environment.
• Experience working with software composition analysis (SCA) tools to identify vulnerable application components, analyze reachability/exploitability of vulnerable libraries and dependencies, and demonstrate exploitability of findings in a dynamic testing environment.
• Experience performing manual dynamic application testing, including the ability to identify critical vulnerabilities not detectable by static analysis tools.
• Experience providing detailed security testing reports, ideally when leveraging custom taxonomies for finding severity classifications
• Experience providing targeted technical remediation advice.

Qualifications for Success:

• Practical experience (1-3 years) in an application security role that included manual testing
• Previous job experience in an information security consulting services or enterprise security team role
• Ability to travel 20% of the time to client sites
• Deep understanding of software security architecture and design
• Ability to work with diverse and dynamic teams
• Successful implementation of application testing methodologies for web applications and APIs
• Ability to assess mobile applications on IOS and Android platforms is a plus
• BA/BS degree preferred in computer science, software engineering, cybersecurity, or mathematics strongly preferred
• One or more security certifications preferred: CISSP, CSSLP, OSCP, OSWE, OSCE, GPEN, GWAPT, eWPTX
• #LI-NA1

If you are seeking a culture that supports growth, fosters success, and moves the industry forward, find your place at Optiv! As a market-leading provider of cyber security solutions, Optiv has the most comprehensive ecosystem of security products and partners to deliver unparalleled services. Our rich and successful history with our clients is based on trust, serving more than 12,000 clients of varying sizes and industries, including commercial, government, and education. We have the proven expertise to plan, build, and run successful security programs across Risk Management, Cyber Digital Transformation, Threat Management, Security Operations - Managed Services, and Identity and Data Management.What you can expect from Optiv• A company committed to championing Diversity, Equality, and Inclusion through our Affinity groups including, Black Employee Network, Disabled Employee Network, Latino Employee Network, Optiv Pride (LGBTQIA+), Veterans Support Network, and Women's Network.• Work/life balance. • Professional training resources• Creative problem-solving and the ability to tackle unique, complex projects• Volunteer Opportunities. “Optiv Chips In” encourages employees to volunteer and engage with their teams and communities.• The ability and technology necessary to productively work remotely/from home (where applicable)Optiv is an equal opportunity employer. All qualified applicants for employment will be considered without regard to race, color, religion, sex, gender identity, sexual orientation, national origin, status as an individual with a disability, veteran status, or any other basis protected by federal, state, or local law. Optiv respects your privacy.  By providing your information through this page or applying for a job at Optiv, you acknowledge that Optiv will collect, use, and process your information, which may include personal information and sensitive personal information, in connection with Optiv’s selection and recruitment activities.  For additional details on how Optiv uses and protects your personal information in the application process, click here to view our Applicant Privacy Notice. If you sign up to receive notifications of job postings, you may unsubscribe at any time.