Application Security Planning and Assessment Consultant

Job Description

We are seeking a detail-oriented and highly skilled Application ( App ) [cyber]Security Consultant to join our team. The ideal candidate will be responsible for planning an AppSec program followed by working in a team to conduct AppSec assessment on each app in scope. Key Responsibilities: Work with the client to determine and catalog App Inventory by reviewing CMDB (Configuration Management Database) as we'll as another mechanism (eg, client interviews, etc). Review the large app inventory, determine types of security assessment to administer, formulate prioritization criteria, and decide the sequence of individual assessments based on the priority. Conduct a Gap Analysis to assess the maturity of the current AppSec program, if one exists: o Secure coding standards o AppSec best practices during the application design and development process to ensure security is integrated from the start. o AppSec Training programs for developers to enhance their understanding of secure coding principles and overall AppSec Program. Package the results of analysis (above and more) to deliver an AppSec Assessment Program roadmap. Identify a pilot or proof of concept phase and execute the same by working with the DII and client teams. The work will involve the normal AppSec Assessment activities. Below: o Conduct thorough application security assessments, including penetration testing, vulnerability scanning, and code reviews. o Identify and analyze application vulnerabilities, propose remediation strategies, and assist development teams in implementing solutions. o Collaborate with cross-functional teams to establish secure software development lifecycle (SDLC) processes. o Generate detailed security assessment reports with actionable recommendations for stakeholders. Stay updated on the latest security trends, tools, and vulnerabilities to proactively address emerging threats. Qualifications: Bachelor s degree in computer science, cybersecurity, or a related field (or equivalent experience). 5 years of experience in application security, penetration testing, or similar roles. Strong understanding of application security concepts, frameworks (eg, OWASP), and protocols. Knowledge of one or many of the following themes in AppSec: o CISA - Secure by Design Standard, o OWASP Secure SDLC, o Static and Dynamic SCA, o NIST SP 800-218, o API Security, o SBOM Analysis, o DevOps Readiness, o Software Security Audits, etc Prefer: Proficient in programming languages such as Java, Python, C#, or others relevant to application development. Prefer: Any cybersecurity certifications like CEH, CISSP, GWAPT, or equivalent. Excellent analytical, problem-solving, and communication skills.