Application Security Engineer 3

5 - 8 years

7 - 10 Lacs

Posted: 3 hours ago | Platform: Naukri

Work Mode

Work from Office

Job Type

Full Time

Job Description

Application Security Engineer III

Senior Application Security Consultant

Key Responsibilities

  • Lead AppSec Program maturity assessments using frameworks like BSIMM, NIST SSDF, and OWASP SAMM, including stakeholder interviews, evidence collection, and scoring.
  • Design and deliver Strategic Roadmaps outlining target states, 12-36-month plans, resource needs, and success metrics.
  • Facilitate workshops with executive, engineering, and AppSec leadership to align initiatives with organizational risk and compliance goals.
  • Deliver compelling, executive-level presentations and recommendations to CISOs, CTOs, and software leadership teams.
  • Contribute to internal tools and accelerators (e.g., maturity scoring tools, roadmap templates, reporting dashboards).
  • Support thought leadership through whitepapers, webinars, and conference presentations on secure software development and governance.

Qualifications

Must have:

  • 5 - 8 years of experience in application security, software assurance, or product security consulting.
  • Strong knowledge of frameworks such as BSIMM, NIST SSDF, or OWASP SAMM.
  • Experience with Open-Source Software (OSS) security, including identification, tracking, and remediation of vulnerabilities in third-party components.
  • Familiarity with Software Bill of Materials (SBOM) standards and tools (e.g., SPDX, CycloneDX), and their role in software supply chain transparency and compliance.
  • Proven experience in developing or executing maturity models, capability assessments, or multi-year roadmaps for AppSec or DevSecOps programs.
  • Hands-on experience with secure software development practices, including familiarity with SDLC, CI/CD pipelines, and code-level security controls.
  • Excellent verbal and written communication skills, with the ability to translate technical findings into clear, executive-level narratives and actionable plans.
  • Strong presentation and facilitation skills in client-facing environments.

Nice to have:

  • Prior consulting experience with a Big Four, boutique AppSec consultancy, or internal software security governance team.
  • Experience in software supply chain risk management (SSCRM), AI/ML assurance, or DevSecOps pipeline design.
  • Background in software development (e.g., Java, Python, C#) and experience working within secure SDLCs.
  • Industry certifications such as CEH, CISSP, CISM, or equivalent.

What You'll Deliver

  • Comprehensive AppSec Program Roadmaps, maturity assessments, and framework-aligned reports.
  • Visuals and documentation for capability maturity models and strategic planning.
  • Executive summaries and strategic recommendations tailored to leadership audiences.
 

Black Duck Software

Software/Technology

Burlington
