Our security professionals possess diverse industry knowledge, along with unique technical expertise and specialized skills. The team stays highly relevant by researching and discovering the newest security vulnerabilities, attending and speaking at top security conferences around the world, and sharing knowledge on a variety of topics with key industry groups. The team frequently provides thought leadership and information exchanges through traditional and less conventional communications channels such as speaking at conferences, publishing white papers and blogging.
Our professionals work together in planning, pursuing, delivering and managing engagements to assess, improve, build, and in some cases operate integrated security operations for our clients.
- Work with client personnel to enhance the Software Development Life Cycle (SDLC) by adding security to remove vulnerabilities and protect business logic. Establish a security program for the SDLC, capture the client's current application architecture, lead the overall application review process, identify application vulnerabilities, propose architectural changes, design, coordinate, and implement these changes at procedural and technological levels.
- Perform detailed Quality Assurance (QA) review of web-based applications, identify and validate application vulnerabilities, and perform actual remediation at architectural and source code levels.
- Complete the draft and final reports and other deliverables as specified in planning documentation. Ensure project documentation is complete and archived appropriately.
- Act as a subject matter resource in specific programming languages and web application environments. Propose vulnerability risk level and estimated level of remediation effort. Propose code fix or architectural strategies to remediate identified vulnerabilities. Confirm appropriateness of a proposed remediation approach or propose viable alternatives and perform the actual remediation.
- Collaborate with the engagement team to plan the engagement and develop work programs, timelines, and planning documentation. Work with the team to document the business processes dependent on IT. Ensure high-quality client service by directing daily progress of fieldwork, informing supervisors of engagement status, and managing staff performance.
- Demonstrate and apply a thorough understanding of complex enterprise systems. Use knowledge of the current IT environment and industry trends to identify engagement and client service issues. Communicate appropriately with the engagement team and client management through written correspondence and verbal presentations.
- Demonstrate and apply strong project management skills, inspire teamwork and responsibility with engagement team members, and use current technology and tools to enhance the effectiveness of deliverables and services.
To qualify, candidates must have:
- Bachelor’s degree and a minimum of 2 years of related work experience; or a Master’s degree and approximately 1-2 years of related work experience in the fields of Computer Science, Information Systems, Engineering, Business or related major.
- Experience conducting application security vulnerability assessments and attacks including creation of proof-of-concept exploits.
- Experience with tools such as Fortify, AppScan, WebInspect, Burp, or ZAP.
- Demonstrated experience with enterprise application development in one or more of the common development platforms: Java/J2EE, .NET/C#, C/C++, PHP, Python, or Flash.
- Demonstrated experience in Information Security strategic planning, architecture migration strategies or security engineering strategy.
- Knowledge of networking and system-level concepts such as web application architecture, REST APIs, SOAP, jQuery, AJAX, and message-oriented architecture.
- Demonstrated experience in key Cybersecurity domains such as identity, access management, and cryptography.
- Enterprise experience with application development for mobile platforms such as iOS, or usage of mobile frameworks such as Kony or PhoneGap is a plus.
- Understanding of best practice methodologies in application security including OWASP and mobile.
- Understanding of development methodologies such as waterfall, agile, continuous integration.
- Demonstrated experience in writing enterprise security standards, policies, coding guidelines.
- Ability to examine issues both strategically and analytically.
- Proficiency in the English language, including the ability to listen, understand, read, and communicate effectively, both in writing and verbally, in a professional environment.
- Demonstrated characteristics of a forward thinker and self-motivator who thrives on new challenges and adapts to learning new knowledge.
- Strong analytical and problem-solving skills.
- A military/government background is a plus.
- Prior Big 4 or other relevant consulting experience is a plus.
- A strong work ethic.
- Able to work collaboratively in a team environment.
- A valid driver's license in the US and a valid passport required; willingness and ability to travel domestically and internationally to meet client needs; estimated 80% travel required.
- The successful candidate must hold or be willing to pursue related professional certifications such as the CISSP, Open Group Certified Architect, or CEH certification.