Sr. Consultant - Application Security, Threat Management | Remote, USA

Overland Park, KS

Optiv

Optiv manages cyber risk so you can secure your full potential. Cybersecurity advisory services and solutions. Powered by the best minds in cyber.

This position will be fully remote and can be hired anywhere in the continental U.S.

Optiv's Application Security and Threat Management group is a multi-disciplined consulting team with focus areas in network penetration, malware analysis, vulnerability research, hardware testing, operating system, mobile device, and application testing. The Application Security group focuses on mobile and web application testing, and generally anything in Java, .Net, PHP, or web/mobile frameworks.

The majority of work is remote (some travel required) and can be hired anywhere in the continental U.S.

How you'll make an impact 

  • Conduct penetration testing using both black box testing techniques as well as in-depth reviews of source code

  • Demonstrate a comprehensive application testing methodology. Identify critical vulnerabilities not detectable by static analysis tools and provide reports, severity classifications, and remediation advice

  • Perform Gray box application testing. Our normal app assessment approach is a full-knowledge gray box style where we have access to docs, source, a functioning app, and control of the environment. We do also perform straight code reviews or black box testing, and all consultants need to be comfortable with both

  • Our Sr. Consultants know how to approach a large code review and are experienced with current static analysis tools. You should be able to look at a codebase and prioritize code for top-down review, as well as create signatures for components that aren't covered by the base toolset. Aid in vulnerability remediation efforts by working alongside developers as well as directly contributing to the code base

  • Perform mobile application testing to understand the threat classes for mobile apps on the iOS and Android platforms

  • Secure SDLC consulting for Agile / DevOps 

  • Perform Secure SDLC assessments (familiarity with SAMM or BSIMM), and Threat Modeling and SDL processes per the MS guidelines

  • Perform or lead Threat Modeling efforts for multiple application deployments (on-prem, cloud, mobile)

  • Provide security recommendations on service design and application development

  • Create Policies and Standards for application security governance

  • Leverage SAST, DAST, and penetration testing to identify risks and appropriate mitigations

  • Leverage SCA and assist with implementing software supply chain security controls and the creation of SBOMs

  • Track known vulnerabilities, their remediation statuses, and remediation metrics

  • Present application security concerns to leadership for decision making when necessary

  • Work closely with cross-functional teams (Engineering, DevOps, Product, Operations, SOC)

What we're looking for 

  • 4+ years’ experience in a directly related role required

  • 2+ years’ consulting and/or enterprise experience required 

  • Strong understanding of software development lifecycle (SDLC) and development methodologies

  • Development experience in one or more of these areas: JavaScript; SQL; Java; C#; Python; js; AngularJS; Swift; Objective-C; .Net (C#/.Net); Ruby; PHP, along with common dev frameworks such as Spring Core/Boot/MVC, Hibernate, JSF/JSP, Ruby on Rails, Sinatra, Entity Framework, WCF

  • Must be willing to travel 20-40% as required

Things we like to see

CVEs, links to your con presentation (or your con), tools, research papers, generally anything that can demonstrate you know your stuff when it comes to web and mobile applications.

What you can expect from Optiv

  • A company committed to championing Diversity, Equality, and Inclusion through our Employee Resource Groups.
  • Work/life balance
  • Professional training resources
  • Creative problem-solving and the ability to tackle unique, complex projects
  • Volunteer Opportunities. “Optiv Chips In” encourages employees to volunteer and engage with their teams and communities.
  • The ability and technology necessary to productively work remotely/from home (where applicable)

EEO Statement

Optiv is an equal opportunity employer (EEO). All qualified applicants for employment will be considered without regard to race, color, religion, sex, gender identity, sexual orientation, national origin, status as an individual with a disability, veteran status, or any other basis protected by federal, state, or local law.

Optiv respects your privacy. By providing your information through this page or applying for a job at Optiv, you acknowledge that Optiv will collect, use, and process your information, which may include personal information and sensitive personal information, in connection with Optiv's selection and recruitment activities. For additional details on how Optiv uses and protects your personal information in the application process, see our Applicant Privacy Notice. If you sign up to receive notifications of job postings, you may unsubscribe at any time.

Regions: Remote/Anywhere North America
Country: United States
