Job Title: Application Security Consultant - Secure Code Review
Experience Level: Mid-senior
Experience Required: 6 Years
Education Level: Bachelor's degree
Job Function: Information Technology
Industry: Financial Services
Pay Rate: $65 per hour
Total Positions: 1
Relocation Assistance: No
Visa Sponsorship Eligibility: No
Our hiring manager is seeking a talented individual with a strong background in programming and DevSecOps who can effectively perform secure code review, employing both manual and tool-based techniques. We prefer candidates with proficiency in multiple programming languages, including but not limited to Java, C, C++, and Python.
This role offers the opportunity for a Contract to Hire arrangement!
Why you'll appreciate this role:
As a member of the Application Security team, you will contribute to the Technology Risk initiative by conducting offensive security assessments on applications and providing expert guidance to key projects.
The Application Security Consultant - Secure Code Reviewer will take on the responsibility of offering technical guidance and conducting secure code reviews on applications. This role requires a deep understanding of application security vulnerabilities, secure coding practices, software development life cycles (SDLC), offensive security methods, and Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST).
Key Responsibilities:
- Conduct comprehensive manual secure code reviews for various applications.
- Utilize manual analysis techniques to identify vulnerabilities in source code.
- Collaborate with application development teams to gather essential application details.
- Prepare vulnerability reports in a predefined format following manual testing.
- Provide developers and business teams with detailed vulnerability reports and remediation recommendations.
- Integrate risk and control processes into daily tasks to monitor and mitigate security risks, escalating as necessary.
- Create reports summarizing assessment findings and technical issues identified during security assessments.
- Perform threat modeling, design assessments, and code reviews to evaluate security implications and requirements.
- Serve as a subject matter expert and respond to inquiries related to Application Defense enhancements from various teams, including Security Architects, Product Managers, Risk Managers, and others.
Qualifications:
- A minimum of 3 years of experience in secure code review.
- A minimum of 5 years of experience in application security.
- Proven expertise in manual secure code review techniques.
- A Bachelor's degree or equivalent work experience.
- A minimum of 3 years of experience in detecting and analyzing vulnerabilities in at least two of the following programming languages: Java, C#, C/C++, Python, PHP.
- Ability to effectively explain vulnerabilities and weaknesses listed in OWASP Top 10 and SANS Top 25 to a wide audience while discussing defensive techniques.
- Proficiency in application security best practices with a focus on secure coding.
- Capability to work effectively under pressure, manage multiple tasks, and adapt to changing circumstances.
- Experience in utilizing commercial tools such as Fortify, Veracode, SonarQube, or similar tools for analysis.