The Senior Application Security Senior Consultant is a team contributor role within Forward Security’s Application and Cloud Infrastructure Security Services domain, responsible for service delivery as well as improvement and growth.
The Application Security sub-domain uses industry-leading processes and provides application security architecture and design, risk assessment, Security DLC and CI/CD adoption, and managed services to medium-sized businesses in the finance, health, e-commerce, and technology sectors.
At Forward Security, we foster a culture of collaboration, excellence, openness, community, and teamwork. We are passionate about security and aim to build a world-class team of like-minded individuals who share the same vision as we do. Our progressive culture favours goals rather than a “9-5” schedule, allowing you to enjoy a work life that’s flexible to your lifestyle.
Key Responsibilities
- Lead engagements from start to completion, working closely with internal and external teams.
- Provide application security services including design review and pentesting of web, mobile, or desktop applications using automation tools as well as manual methods.
- Create and deliver application security design documents and risk assessment reports.
- Design application security solutions to meet clients’ needs.
- Review issues identified and related remediation with clients and assist with implementation.
Minimum Qualifications:
- Bachelor’s degree in Computer Science, Computer Engineering or equivalent.
- 3+ years of work experience in an Application Security role.
- 3+ years of modern software development experience (API expertise is a plus).
- Strong understanding of secure software design, development methodologies, and principles.
- Good knowledge of programming languages such as Java, JavaScript, C#, Python, or C/C++, as well as related application development frameworks.
- Ability to identify and protect against web and mobile application security vulnerabilities including those found in the OWASP Top 10 and CWE Top 25.
- Experience with static and dynamic security analysis tools, as well as black-box and white-box methodologies.