Consultant - Application Security Penetration Tester | Remote US

What You'll Do

• Work independently and collaboratively with a team to both lead and support engagements
• Application Penetration Testing (Browser-based, API, Mobile, IoT, Cloud)
• Threat Modeling
• Source Code Reviews
• Advise clients on technical security or compliance activities.
• Manage priorities and tasks to achieve utilization targets.
• Operate with professionalism both internally and with clients.
• Ensure quality reports and services are delivered efficiently and on time.
• Collaborate with project managers, quality management, sales and other delivery team members to drive customer satisfaction and meet project deliverables
• Communicate with client stakeholders to include leadership, systems and network administrators, security engineers, development, and support teams.
• Enhance and maintain cloud service provider technical testing methodologies and standards.
• Lead and support penetration testing projects through their entirety.
• Contribute to thought leadership initiatives through blogs, conference speaking, and/or R&D functions.

What You'll Bring

• Proven track record of success managing client engagements.
• A thorough understanding of the Secure Development Life Cycle
• A working knowledge of popular web technologies and languages such as .NET, Java EE, Node.js, Rails or JavaScript
• Working knowledge of web service protocols and hosting technologies
• Familiarity with code scanning and dynamic analysis tools
• Application penetration testing and assessment tradecraft and methodologies (including browser-based, API, thick client, and mobile testing)
• Strong working knowledge of at least two programming or scripting languages, and the ability to read code regardless of the language in which it is written
• Excellent verbal and written communication skills, including technical writing of assessment reports, presentations, and operating procedures
• Client-centric consulting with high level of collaboration
• Strong understanding of security principles, policies, and industry best practices
• Ability to travel up to 10% (potentially & during normal circumstances)

Bonus Points

• Experience in a consulting/professional services role.
• Experience in Application Security and/or Software Development
• Cloud Service penetration testing tradecraft and methodologies across one or more service providers (e.g. AWS, GCP, etc.).
• Familiarity with DevOps engineering concepts, infrastructure automation, pipelines, version control, and deployment strategies are also a plus.
• Deep, progressive experience with AWS security concepts, including IAM, STS, and AWS specific security controls and security architecture design patterns. Professional-level AWS certifications (SAP/DEP), or AWS Specialty certifications with supporting professional experience. Experience with server-less design concepts and supporting services including S3, SQS, SNS, CloudFront, DynamoDB, Lambda and, API Gateway.
• Knowledge of advanced/niche AWS services, including Cognito, IoT Core, or SageMaker are a major plus.
• Mobile platform penetration testing tradecraft and methodologies across widely-used platforms (iOS and/or Android).
• Microservices testing
• Experience with DevOps and/or Security Maturity Modelling (e.g. OWASP SAMM)
• Testing IoT devices and software
• Network/host-based penetration testing tradecraft and methodologies.