Principal Application Security Consultant
GuidePoint Security offers an inclusive set of Application Security services, including Application Security Assessments for various application types (web, mobile, IoT, thick client), Threat Modeling, Source Code Reviews, Application Architecture Reviews, Application Security Program Management, Secure Development Training, and Secure SDLC Implementation.
The Principal Application Security Consultant joins GuidePoint’s elite team of Application Security experts to deliver the aforementioned services, which involves performing assessments, communicating with clients, delivering comprehensive reports, and providing remediation guidance. Along with providing pre-sales support to clients when needed and scoping out custom assessments. You will spend your time focusing on challenging projects and solving complex problems. Our clients will rely on your experience, adaptability, and creativity to identify application security issues that others often miss.
GuidePoint Security’s Application Security team's offerings consistently evolve with the security industry and risks that modern environments face.
Role Requirements
Deliver Application Security services, including but not limited to Application Security Assessments for various application types (web, mobile, IoT, thick client), Threat Modeling, Source Code Reviews, Application Architecture Reviews, Application Security Program Management, Secure Development Training, and Secure SDLC Implementation
Provide pre-sales and scoping support to clients when needed for custom engagements
Author comprehensive assessment deliverables that are proficiently tailored to both technical and managerial audiences and fully detail the technical execution, core deficiencies, business impact, and realistic remediation strategies
Identify, qualify, and conduct Application Security research projects
Contribute to marketing initiatives via activities such as publishing research, speaking at industry conferences, authoring blog articles and whitepapers, hosting webinars, and developing security tools
Utilize automation, orchestration, and scripting to reduce manual processes, improving overall efficiency while also enabling new capabilities to meet the rapidly changing needs of our clients
Assist with Practice development, including improving existing offerings, creating new offerings, and mentoring team members
Perpetually strengthen relevant skills, knowledge, and abilities to stay at the forefront of the information security industry.
Foster client relationships by providing support, information, and guidance
Maintain a strong desire to learn, adapt, and improve along with a rapidly-growing company
Perform other duties as assigned
Education, Credentials, and Experience
Experience with testing tools such as Burp Suite, Postman, Netsparker, sqlmap, DirBuster, OpenSSL, etc.
Experience reviewing source code written in JavaScript, Python, Java, C++, PHP, or C#.
In-depth knowledge of testing methodologies and when to creatively deviate from structured processes
Deep understanding of a broad range of Application Security issues as well as their mitigation strategies
Understanding of reverse engineering concepts, as well as tools involved such as debuggers, disassemblers, and operating system monitoring utilities
Internal operational DevSecOps experience is preferred.
Strong communication skills that include the ability to clearly articulate thoughts and distill complex problems into digestible pieces of information during live conversations, formal deliverables, white papers, and case studies
InfoSec community involvement, such as conference speaking, blog/whitepaper authoring, and podcast speaking/producing experience, is strongly preferred.
Standard industry certifications are preferred.
Minimum of 4 years of experience in Application Security or related roles
Minimum of 2 years of experience in a consulting services role or related internal information security positions
Bachelor’s degree in a relevant discipline or equivalent experience
Travel up to 20%
About the job
Apply for this position
Principal Application Security Consultant
GuidePoint Security offers an inclusive set of Application Security services, including Application Security Assessments for various application types (web, mobile, IoT, thick client), Threat Modeling, Source Code Reviews, Application Architecture Reviews, Application Security Program Management, Secure Development Training, and Secure SDLC Implementation.
The Principal Application Security Consultant joins GuidePoint’s elite team of Application Security experts to deliver the aforementioned services, which involves performing assessments, communicating with clients, delivering comprehensive reports, and providing remediation guidance. Along with providing pre-sales support to clients when needed and scoping out custom assessments. You will spend your time focusing on challenging projects and solving complex problems. Our clients will rely on your experience, adaptability, and creativity to identify application security issues that others often miss.
GuidePoint Security’s Application Security team's offerings consistently evolve with the security industry and risks that modern environments face.
Role Requirements
Deliver Application Security services, including but not limited to Application Security Assessments for various application types (web, mobile, IoT, thick client), Threat Modeling, Source Code Reviews, Application Architecture Reviews, Application Security Program Management, Secure Development Training, and Secure SDLC Implementation
Provide pre-sales and scoping support to clients when needed for custom engagements
Author comprehensive assessment deliverables that are proficiently tailored to both technical and managerial audiences and fully detail the technical execution, core deficiencies, business impact, and realistic remediation strategies
Identify, qualify, and conduct Application Security research projects
Contribute to marketing initiatives via activities such as publishing research, speaking at industry conferences, authoring blog articles and whitepapers, hosting webinars, and developing security tools
Utilize automation, orchestration, and scripting to reduce manual processes, improving overall efficiency while also enabling new capabilities to meet the rapidly changing needs of our clients
Assist with Practice development, including improving existing offerings, creating new offerings, and mentoring team members
Perpetually strengthen relevant skills, knowledge, and abilities to stay at the forefront of the information security industry.
Foster client relationships by providing support, information, and guidance
Maintain a strong desire to learn, adapt, and improve along with a rapidly-growing company
Perform other duties as assigned
Education, Credentials, and Experience
Experience with testing tools such as Burp Suite, Postman, Netsparker, sqlmap, DirBuster, OpenSSL, etc.
Experience reviewing source code written in JavaScript, Python, Java, C++, PHP, or C#.
In-depth knowledge of testing methodologies and when to creatively deviate from structured processes
Deep understanding of a broad range of Application Security issues as well as their mitigation strategies
Understanding of reverse engineering concepts, as well as tools involved such as debuggers, disassemblers, and operating system monitoring utilities
Internal operational DevSecOps experience is preferred.
Strong communication skills that include the ability to clearly articulate thoughts and distill complex problems into digestible pieces of information during live conversations, formal deliverables, white papers, and case studies
InfoSec community involvement, such as conference speaking, blog/whitepaper authoring, and podcast speaking/producing experience, is strongly preferred.
Standard industry certifications are preferred.
Minimum of 4 years of experience in Application Security or related roles
Minimum of 2 years of experience in a consulting services role or related internal information security positions
Bachelor’s degree in a relevant discipline or equivalent experience
Travel up to 20%