Consultant Application & Offensive Security - Remote

About The Position

Requirements

• Bachelor’s degree in Computer Science, Engineering, Information Systems, Cyber Security or a related field or an equivalent combination of education and experience.
• 8-10 or more years of progressive experience with application security and offensive security protocols.
• Demonstrated experience building or supporting secure coding and application security programs, including development and adoption of secure coding standards and patterns.
• Demonstrated experience conducting manual application penetration testing or adversarial security assessments, with the ability to assess exploitability and real‑world impact.
• Strong expertise in secure SDLC practices and embedding security controls into CI/CD pipelines and development workflows.
• Deep understanding of web and API security, including OWASP Top 10 vulnerabilities, authentication, authorization, and data protection concepts.
• Hands-on experience performing application threat modeling and security assessments, with the ability to translate findings into secure design recommendations.
• Experience integrating and utilizing application security tooling (SAST, DAST, SCA) and guiding development teams on remediation.
• Ability to apply a risk-based approach to vulnerability management, considering business impact, exploitability, and exposure.
• Proven ability to collaborate with and influence development teams, providing actionable guidance and communicating security concepts to technical and non-technical stakeholders.

Responsibilities

• Designs, develops, and supports the implementation of a Secure Coding Center of Excellence (CoE), including operating model, standards, and governance.
• Embeds secure development lifecycle (SDLC) practices into development processes by integrating security controls into CI/CD pipelines and developer workflows.
• Develops, documents, and promotes adoption of enterprise secure coding standards and patterns across multiple development teams and technology stacks.
• Performs platform application security assessments and threat modeling to identify design weaknesses and exploitable conditions.
• Provides clear, actionable remediation guidance to development teams, translating security findings into practical development fixes.
• Drives adoption of secure coding practices by partnering with development, product, and DevOps teams and influencing design and development decisions.
• Implements and optimizes application security tooling and augment automated results with manual and adversarial testing where tooling falls short.
• Develops and delivers role-based secure coding training and developer enablement programs, including support for security champions initiatives.
• Analyzes vulnerability data and application risk to support risk-based prioritization and reduction of systemic weaknesses.
• Defines, tracks, and reports on application security metrics and KPIs, including vulnerability trends, remediation timelines, and defect recurrence.
• Advises stakeholders on alignment with industry frameworks and standards (e.g., NIST CSF, Zero Trust, OWASP) and supports audit and compliance requirements.
• Contributes to continuous improvement of application security practices by identifying opportunities to standardize, automate, and scale controls across the enterprise.
• Collaborates cross-functionally with security, architecture, development, and operations teams to drive consistent and sustainable security practices.
• Performs manual application security testing, including deep-dive code-assisted analysis and adversarial testing techniques, to identify exploitable vulnerabilities beyond automated tooling.
• Validates the effectiveness of secure coding standards and SDLC controls through offensive testing and exploitation-driven analysis.
• Partners with development teams to reproduce, exploit, and remediate complex application vulnerabilities.
• Supports penetration testing and offensive security initiatives by providing application-layer expertise, design review, and exploitability analysis.

Benefits

• Actual compensation will fall within the range but may vary based on factors such as experience, qualifications, education, location, licensure, certification requirements, and comparisons to colleagues in similar roles.