The Senior Application Security Senior Consultant is a team contributor role within Forward Security’s Application and Cloud Infrastructure Security Services domain, responsible for service delivery as well as improvement and growth.
The Application Security sub-domain uses industry-leading processes and provides application security architecture and design, risk assessment, Security DLC and CI/CD adoption, and managed services to medium-sized businesses in the finance, health, e-commerce, and technology sectors.
At Forward Security, we foster a culture of collaboration, excellence, openness, community, and teamwork. We are passionate about security and aim to build a world-class team of like-minded individuals who share the same vision as we do. Our progressive culture favours goals rather than a “9-5” schedule, allowing you to enjoy a work life that’s flexible to your lifestyle.
Responsibilities
• Lead engagements from start to completion, working closely with internal and external teams.
• Provide application security services including design review and pentesting of web, mobile, or desktop applications using automation tools as well as manual methods.
• Create and deliver application security design documents and risk assessment reports.
• Design application security solutions to meet clients’ needs.
• Review issues identified and related remediation with clients and assist with implementation.
• Work closely with clients’ development teams and assist with secure development activities.
• Champion cross-domain collaboration and coordination of security efforts.
• Provide Application Security subject matter expertise, peer reviews, and mentorship.
• Assist with Cloud Infrastructure security and engagements in other domains as appropriate.
• Contribute to Forward Security’s growth and role as an industry leader by delivering best-in-class services.
• Assist with technical sales of application security and other services.
• Identify areas for process improvement and automation, and aid in efforts to implement the recommendations as appropriate.
• Provide regular updates to Forward Security leadership on key activities, metrics, accomplishments, and blockers.
• Partake in educational activities including attending appropriate training and conferences.
• Uphold a high standard of quality and remain true to Forward’s values in all respects.
Qualifications
• Bachelor’s degree in Computer Science, Computer Engineering or equivalent.
• 3+ years of work experience in an Information Security role, with min. 2 years in Application Security.
• 2+ years of modern software development experience (API expertise is a plus).
• Strong understanding of secure software design, development methodologies, and principles.
• Good knowledge of programming languages such as Java, JavaScript, C#, Python, or C/C++, as well as related application development frameworks.
• Ability to identify and protect against web and mobile application security vulnerabilities, including those found in the OWASP Top 10 and CWE Top 25.
• Experience with static and dynamic security analysis tools, as well as black-box and white-box methodologies.
• Knowledge of tactics, techniques, and procedures used for software security exploitation.
• Experience with application security architecture, design consulting, and risk assessment using industry leading processes and methodologies.
• Ability to create and execute test plans and provide supporting documentation and metrics.
• Knowledge of authentication and authorization protocols such as OpenID, OpenID Connect, OAuth, and SAML, as well as applied cryptography.
• Familiarity with cloud platforms and automated security assessment tools.
• Contributions to the security community such as research, presentations, public CVEs, bug bounty recognitions, open-source projects, and blogs or publications.
• Highly motivated, self-starter, team player, and driven to overcome obstacles.
• Excellent communication and executive-level presentation skills.
• Passionate about software and security with an Ethical Hacker mindset.