Security Consultant, AppSec

Cyderes (Cyber Defense and Response) is a pure-play, full life-cycle cybersecurity services provider with award-winning managed security services, identity and access management, and professional services designed to manage the cybersecurity risks of enterprise clients.  We specialize in multi-technology, complex environments with the in speed and agility needed to tackle the most advanced cyber threats. We leverage our global scale and decades of experience to accelerate our clients’ cyber outcomes through a full lifecycle of cybersecurity services. We are a global company with operating centers in the United States, Canada, the United Kingdom, and India.
About the Job: The Application Security Consultant reports directly to the Cloud and Application Security Practice Director and is tasked with guiding clients from traditional DevOps practices to a comprehensive DevSecOps model. This role encompasses conducting in-depth code reviews, utilizing DAST, SAST, and SCA tools for security assessments, and performing web application penetration tests. With a focus on integrating security into the development lifecycle, this role requires a candidate with a strong development background and familiarity with a broad spectrum of programming languages.

Responsibilities:

• Lead security reviews and web application penetration tests to identify vulnerabilities across a variety of development frameworks and languages.
• Advise on the integration of security practices within DevOps processes, aiding in the transition to DevSecOps.
• Perform thorough code reviews using DAST, SAST, and SCA tools, focusing on a wide array of programming languages.
• Work closely with development teams to instill secure coding practices and embed security measures within CI/CD pipelines.
• Support the bug bounty program.
• Support the preparation of security releases.
• Assist in development of security processes and automated tooling that prevent classes of security issues. 

Requirements:

• Extensive experience application and code security
• Experience with static and dynamic code analysis solution. For Example: Veracode, Checkmarx, SonarQube
• Retain one or more of the following certifications: CISSP, CISM, OSCP, CEH
• Experience in solution architecture, DevSecOps practices, and cloud integration.
• Experience working with Infrastructure as Code, CI/CD pipelines and Secure DevOps processes.
• Working knowledge of common and industry standard cloud-native/cloud-friendly authentication mechanisms (OAuth, OpenID, SAML, etc.).
• Strong expertise in at least one of the major programming languages (e.g., C/C++, Java, Python). This foundational knowledge is crucial for conducting effective code reviews and security assessments.
• An understanding of, or experience with, a diverse set of languages, including but not limited to Gosu, Business Basic, CLI Scripts, HCL Domino, Net.Data, PowerShell, Shell, SQL, and SQR.
• 2-3 years overall application security experience
• Strong security inclination
• Strong technical writing skills 

Cyderes is an Equal Opportunity Employer (EOE). Qualified applicants are considered for employment without regard to race, religion, color, sex, age, disability, sexual orientation, genetic information, national origin, or veteran status.
Note: This job posting is intended for direct applicants only. We request that outside recruiters do not contact us regarding this position.