Cyber - AppSec - BOA SCA Consultant

Bangalore, Karnataka, India

KPMG India

Responsibilities:

• Perform manual code review against common programming languages (Java, .NET)
• Perform automated testing of running applications and static code (SAST, DAST)
• Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications
• Create new testing methods to identify vulnerabilities and entry points that attackers may use to exploit applications, networks, and systems
• Provide technical leadership and advice to team members on penetration test engagements
• Operate independently with little to no guidance from Lead Specialists
• Converse with technical and non-technical audiences to articulate testing processes, techniques and results
• Guide technical audiences on remediation options and assist them in weighing those options
• Partner with the Cyber teams to develop new testing techniques, automation for testing and marketing collateral to support the practice, and mentor junior and offshore team members on tools and techniques for performing tests

Qualifications:
• Formal programming experience is a must: at least 6 months
• Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, Netsparker, Acunetix, Checkmarx, Veracode, Burp Suite, OWASP ZAP, Kali Linux, or equivalent
• Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs
• Minimum three (3) years of working with technical and non-technical audiences in reporting results and leading remediation conversations
• Preferred: three (3) years of experience in development of web applications and/or APIs
• Experience in one or more of the following is a plus: mobile application testing, application architecture and business logic analysis
• Bachelor's degree from an accredited college/university or equivalent industry experience
• One or more major ethical hacking certifications not required but preferred: GWAPT, CREST, OSCP, OSWE, OSWA

Prior Experience:

The candidate must have 5 years of relevant experience in a similar role, preferably in a professional services organization.
