Senior Consultant - Application Security

About Coalfire:

Coalfire is on a mission to make the world a safer place by solving our clients’ toughest cybersecurity challenges. We work at the cutting edge of technology to advise, assess, automate, and ultimately help companies navigate the ever-changing cybersecurity landscape. We are headquartered in Denver, Colorado with offices across the U.S. and U.K., and we support clients around the world. But that’s not who we are – that’s just what we do. We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem-solvers who are hungry to learn, grow, and make a difference. And we’re growing fast. We’re looking for a Senior Consultant - Application Security to support our Application Security team.

Position Summary:

The Sr. Consultant works closely with Project Managers, Delivery Directors and other Delivery team members to lead enterprise engagements assessing the security and compliance of client firms against regulatory and industry requirements and standards, and against security best practice frameworks. The Sr. Consultant is a technical leader with broad and deep technical skills, meeting the objectives of their engagements, collaborating with clients, mentoring teammates and providing subject matter expertise across one or more technical domains. The Sr. Consultant becomes a trusted advisor to clients and, through objective testing and results reporting, supports the customer in making well-informed, risk-based decisions to improve overall security posture.

Partnering with Sr. Managers and Directors and mentoring junior staff are key to the Sr. Consultant role, ensuring that the expertise built over time is transferred to more junior teammates. Senior Consultants continue to deepen their skills and broaden their impact both internally at Coalfire and in the wider security community.

What You'll Do:

  • Working independently and collaboratively with a team to both lead and support the following work activities where skills apply:
      • Internal and External Network Penetration Testing
      • Application Penetration Testing (Browser-based, API, Mobile)
      • Cloud Solution Penetration Testing
      • Social Engineering
      • Wireless Assessments
      • Physical Assessments
      • Red/Purple Team Exercises
      • Threat Modeling
      • Hardware/IoT Testing
  • Advises clients on technical security or compliance activities.
  • Manages priorities and tasks to achieve delivery utilization targets.
  • Operates with professionalism both internally and with clients.
  • Ensures quality products and services are delivered on time.
  • Continues to develop professional skills with relevant industry specific certifications. Maintains strong depth of knowledge in the practice area.
  • Collaborates with project managers, quality management, sales and other delivery team members to drive customer satisfaction and meet project deliverables.
  • Escalates client and project-related issues to management in a timely manner to inform and engage the necessary resources to address the issue.
  • Contributes to thought leadership initiatives through conference speaking and R&D functions.
  • Other duties as assigned.
  • Standard office environment.
  • Ability to travel up to 20%.

Required skills and experience:

  • Network/host-based penetration testing tradecraft and methodologies.
  • Wireless network penetration testing tradecraft and methodologies.
  • Application penetration testing tradecraft and methodologies (including browser-based, API and Mobile).
  • Cloud Service penetration testing tradecraft and methodologies.
  • Scripting in two or more languages such as Python, PowerShell, Shell, or Ruby.
  • Excellent verbal and written communication skills including technical writing of assessment reports, presentations and operating procedures.
  • Client-centric consulting with high level of collaboration.
  • Personal drive to build skillset to meet business expectations.
  • Shows an aptitude for leadership both through project leadership and by mentoring junior teammates.
  • Strong understanding of security principles, policies, and industry best practices.
  • Strong understanding of various compliance frameworks (PCI DSS, FedRAMP, etc.).
  • Four to seven (4-7) years of experience in an Information Security consulting role with specific experience across the following technical domains:
      • System administration and/or network administration in both Windows and *nix.
      • Network/host-based (wired and wireless) penetration testing.
      • Application penetration testing including browser-based interfaces, APIs and mobile applications.
      • Cloud Service penetration testing.
      • Social Engineering including Phishing, Pretexting/Vishing and Physical testing.
      • Scripting in two or more languages in support of penetration testing execution (sh, bash, csh, tcl, Python, PowerShell, etc.).
  • Experience testing against one or more IT security compliance frameworks, such as PCI, FISMA, HIPAA, FedRAMP, or HITRUST.
  • Familiarity with the Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP), National Institute of Standards and Technology (NIST) Special Publications and the Penetration Testing Execution Standard (PTES).
  • At least two relevant certifications (e.g. OSCP/E, GWAPT, GPEN, GMOB, AWAE, etc.) or appropriate/equivalent educational experience.
  • Bachelor's degree, or equivalent job experience.

Preferred skills and experience:

  • Cloud Service penetration testing tradecraft and methodologies across multiple service providers (e.g. AWS, GCP, etc.).
  • Mobile platform and application penetration testing tradecraft and methodologies across both widely-used platforms (iOS and Android).
  • Red/Purple Team tradecraft and methodologies.
  • Social engineering in all its forms.
  • Two (2) or more years’ experience in any of the following:
      • Cloud Service penetration testing specifically against AWS and GCP services.
      • Mobile device and application penetration testing on both iOS and Android platforms.
      • Red/Purple team operations.
      • Social engineering in all its forms.
      • Threat Modeling.
      • Exploit development.
      • Reverse engineering.
      • Hardware/Firmware/IoT penetration testing.
  • Continued work toward additional advanced certifications (e.g. OSCE, GWAPT, GPEN, GXPN, GMOB, AWAE, etc.).

Why you’ll want to join us:

At Coalfire, you’ll find the support you need to thrive personally and professionally. In many cases, we provide a flexible work model that empowers you to choose when and where you’ll work most effectively – whether you’re at home or an office. Regardless of location, you’ll experience a company that prioritizes connection and wellbeing and be part of a team where people care about each other and our communities. You’ll have opportunities to join employee resource groups, participate in in-person and virtual events, and more. And you’ll enjoy competitive perks and benefits to support you and your family, like flexible time off, certification and training reimbursement, and comprehensive insurance options.

At Coalfire, equal opportunity and pay equity are integral to the way we do business. A reasonable estimate of the compensation range for this role is $86,000 to $148,000 based on national salary averages. The actual salary offer to the successful candidate will be based on job-related education, geographic location, training, licensure and certifications and other factors. You may also be eligible to participate in annual incentive, commission, and/or recognition programs.