Consultant - Application Security

At Optiv, we’re on a mission to help our clients make their businesses more secure. We’re one of the fastest-growing companies in a truly essential industry.In your role at Optiv, you’ll be inspired by a team of the brightest business and technical minds in cybersecurity. We are passionate champions for our clients and know from experience that the best solutions for our clients’ needs come from working hard together. As part of our team, your voice matters, and you will do important work that has an impact, on people, businesses, and nations. Our industry and our company move fast, and you can be sure that you will always have room to learn and grow. We’re proud of our team and the important work we do to build confidence for a more connected world.Who we are looking for:The Application Security consultant has strong experience with secure web application development and application security assessments. The ideal candidate will understand a wide range of technologies, programming languages and application frameworks to identify risks and vulnerabilities in customer systems. This particular role has a focus in AppSec testing and remediation.

How you will make an impact:

• Provide tactical and strategic guidance and detailed remediation advice aimed at helping clients achieve strong security postures
• Maintain relationships with clients and provide them with information about application security and secure development lifecycle topics
• Perform application vulnerability scan, security assessment, and secure code review activities for clients
• Write deliverables and daily status updates during client engagements
• Triage client vulnerability scan results, including false positive removal 
• Provide mitigation review and remediation coaching expertise to client development teams
• Develop client process documentation for application on-boarding, scanning, triage, and remediation
• Define client AppSec policies based on scan requirements and vulnerability remediation SLAs
• Suggest changes to client scan policies and strategies to improve scan performance and program maturity
• Track and monitor current and trending practices in software engineering, DevOps, and application security
• Obtain and evolve technical expertise, certifications, and industry credentials through formal and informal training and other educational initiatives
• Contribute content to the Optiv blog and present on security in webinars and at conferences

Qualifications for success

• 3+ years of experience in an enterprise application developer or security champion role 
• Strong understanding of software security architecture and design
• Strong familiarity with Agile and DevOps principles
• Experience using modern development tools, languages, frameworks, and package managers
• Experience with build automation and issue tracking platforms a plus
• Experience remediating security bugs and vulnerabilities at the source code and dependency levels
• Ability to describe Secure SDLC best practices, especially to drive remediation of software vulnerabilities
• Ability to explain open-source security and software supply chain risks
• Experience working with open source and commercial SAST, DAST, and SCA technologies
• Deep knowledge of CVE, CWE, CVSS, and common vulnerability classes
• BA/BS degree preferred in computer science, engineering, math, statistics, or information systems
• Hold one or more security certifications: CEH, ECSA, eWPT, eMAPT, eWPTX, etc. 
• Advanced certifications (CISSP, OSCP, OSWE, GWAPT, GPEN) a plus
• Ability to work U.S. hours for at least 2 years

If you are seeking a culture that supports growth, fosters success, and moves the industry forward, find your place at Optiv! As a market-leading provider of cyber security solutions, Optiv has the most comprehensive ecosystem of security products and partners to deliver unparalleled services. Our rich and successful history with our clients is based on trust, serving more than 12,000 clients of varying sizes and industries, including commercial, government, and education. We have the proven expertise to plan, build, and run successful security programs across Risk Management, Cyber Digital Transformation, Threat Management, Security Operations - Managed Services, and Identity and Data Management.With Optiv you can expect:• A company committed to championing Diversity, Equality, and Inclusion through our Affinity groups including, Black Employee Network, Disabled Employee Network, Latino Employee Network, Optiv Pride (LGBTQIA+), Veterans Support Network, and Women's Network.• Work/life balance. • Professional training resources• Creative problem-solving and the ability to tackle unique, complex projects• Volunteer Opportunities. “Optiv Chips In” encourages employees to volunteer and engage with their teams and communities.• The ability and technology necessary to productively work remote/from home (where applicable)Optiv is an equal opportunity employer. All qualified applicants for employment will be considered without regard to race, color, religion, sex, gender identity, sexual orientation, national origin, status as an individual with a disability, veteran status, or any other basis protected by federal, state, or local law.