[Remote] Senior Application Security Consultant, Strategic Services- Remote (Anywhere in the U.S.)
Note: The job is a remote job and is open to candidates in USA. GuidePoint Security is a rapidly growing cybersecurity firm that provides trusted expertise, solutions, and services to help organizations minimize risk. As a Senior Application Security Consultant within Strategic Services, you will deliver application security services, engage with clients, and contribute to the evolution of service offerings in response to emerging threats.ResponsibilitiesDelivering Application Security services, including Application Threat Modeling, Application Architecture Reviews, and AppSec/DevSecOps Program AssessmentsAuthor comprehensive assessment deliverables tailored to both technical and managerial audiences detailing technical execution, deficiencies, business impact, and remediation strategiesUnderstanding of application security landscape, tools, methodologies, and frameworks such as OWASP SAMM, OWASP DSOMM, NIST SSDF, SLSA, NIST AI RMF, and MITRE ATLASDeep understanding of application security issues, mitigation strategies, and common security controlsAbility to analyze and understand complex application architecturesExperience working directly within development teams and integrating security into the SDLCAssist with Practice development, improving offerings, and mentoring team membersContribute to marketing initiatives via research, speaking, writing, and tool developmentFoster client relationships through support, information, and guidance while managing concurrent client engagementsDemonstrates a startup mentality with a highly driven, high-performance approach to workSkillsWillingness to travel up to 10%Delivering Application Security services, including Application Threat Modeling, Application Architecture Reviews, and AppSec/DevSecOps Program AssessmentsAuthor comprehensive assessment deliverables tailored to both technical and managerial audiences detailing technical execution, deficiencies, business impact, and remediation strategiesUnderstanding of application security landscape, tools, methodologies, and frameworks such as OWASP SAMM, OWASP DSOMM, NIST SSDF, SLSA, NIST AI RMF, and MITRE ATLASDeep understanding of application security issues, mitigation strategies, and common security controlsAbility to analyze and understand complex application architecturesExperience working directly within development teams and integrating security into the SDLCAssist with Practice development, improving offerings, and mentoring team membersContribute to marketing initiatives via research, speaking, writing, and tool developmentFoster client relationships through support, information, and guidance while managing concurrent client engagementsDemonstrates a startup mentality with a highly driven, high-performance approach to workComprehensive hands-on experience using generative AI in automated workflowsDirect hands-on experience in application security service offerings, including application threat modeling, architecture reviews, and AppSec/DevSecOps program assessmentsExperience with application security controls, architectures, requirements, and industry standardsDevelopment and/or application architecture design background with understanding of secure implementation practices for cryptography, input validation techniques to prevent injection attacks, and exception managementOperational DevSecOps experienceDevelopment experience in JavaScript, shell, Python, Java, C++, PHP, or C#, with ability to translate security requirements into technical implementationsExcellent writing, communication, and time management skillsMinimum of 6 years of experience in Application Security and/or Software Development, with at least 3 years in Application SecurityMinimum of 2 years of experience in consulting services or internal security roles requiring effective communication with both technical teams and executive leadershipBachelor's degree in a relevant discipline or equivalent experienceBenefitsRemote workforce primarily (U.S. based only, some travel may be required for certain positions, working on-site may be required for Federal positions)Group Medical Insurance options: Zero Deductible PPO Plan (GuidePoint pays 90% of the premium for employees and 70% for family plans (spouse/children/family) or High Deductible Health Plan with HSA (GuidePoint pays 100% of the employees premiums and 75% for family plans (spouse/children/family). If you choose the High Deductible / HSA plan, GPS will contribute in 4 equal quarterly installments: ($850 per EE annually / $1750 per family annually (includes spouse/children/family options)Group Dental Insurance: GuidePoint pays 100% of the premium for employees and 75% of family plans12 corporate holidays and a Flexible Time Off (FTO) programHealthy mobile phone and home internet allowanceEligibility for retirement plan after 2 months at open enrollmentPet Benefit OptionCompany OverviewGuidePoint Security provides trusted cybersecurity expertise, solutions, and services that help organizations minimize risk. It was founded in 2011, and is headquartered in Reston, Virginia, USA, with a workforce of 1001-5000 employees. Its website is https://www.guidepointsecurity.com/.