Job Description
The Application Security Consultant’s role is to execute professional service offerings, including the support and execution of application and penetration testing services. This individual is responsible for managing client relations, executing assigned technical projects, and delivering quality work deliverables in an efficient and thorough manner. The Application Security Consultant must understand a wide range of technologies and compliance frameworks to satisfy the client’s needs and expectations.
Primary Duties and Responsibilities include, but are not necessarily limited to, the following:
- Guide and perform security activities, including risk assessments, intrusion and vulnerability testing, code review, static and dynamic code testing, and penetration testing of web applications.
- Perform findings/vulnerabilities analysis, document results, engage with high-level personnel, discuss findings, provide recommendations, explain testing techniques, and stay current on weaknesses and vulnerabilities.
- Execute engagements, either solo or as a team lead, and produce quality deliverables that meet client business objectives.
- Take a leadership and training role for all new consultants joining the professional services group with a focus on web applications.
- Assist with the development of internally and publicly released DirectDefense tools that will be defined by management.
- Adhere to DirectDefense’s customer commitment.
Minimum Education & Experience
- 5+ years of information security, development, and/or testing experience.
- Knowledge and experience in application technology security testing, including white box, black box, and code review.
- Current Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), CISA, or similar certifications.
- In-depth knowledge of OWASP’s top 10 weaknesses, and the OWASP testing frameworks.
- Extensive experience with testing tools such as Metasploit, Burp Suite, Kali Linux, and others.
- In-depth knowledge of Microsoft Active Directory, networking, and TCP/IP.
- Minimum of 2 years of experience in a consulting services role, or related internal information security positions.
- Bachelor’s degree in a relevant discipline or equivalent experience.
About us:
DirectDefense provides the most dynamic, automated, and cost-effective managed security services to SMBs, mid-market, and large enterprises. We help our clients maximize their IT security with proprietary systems, processes, and experience.
Since coming together in 2011 to form DirectDefense, our team has been committed to offering managed security strategies that are unmatched in the industry. Whether we are performing assessments of networks, platforms, and applications or applying managed services to improve our clients’ security posture, we are focused on providing world-class services that are tailor-made for our customers.
OUR MISSION: We establish partnerships with our clients based on trust and results. We leverage our deep industry knowledge and expertise to identify and remediate blind spots in their security program, provide meaningful visibility of their entire enterprise, and align their organization with security best practices and compliance standards.
OUR VISION: We aim to secure organizations across all industries against advanced threats and attacks in today’s world. Acting in partnership with organizations, we provide unmatched information security services designed to improve our clients’ overall security posture, close gaps, and track vulnerabilities on an ongoing basis through continued education and support.
As required by Colorado law under the Equal Pay for Equal Work Act, DirectDefense provides a reasonable range of compensation for roles that may be hired in Colorado. Actual salary is influenced by a wide array of factors including but not limited to skill set, level of experience, and specific office location. For the state of Colorado only, the range of starting pay for this role is $100,000 – $120,000 per year.