Senior Manager - Application Security | US Remote

About Coalfire Coalfire is on a mission to make the world a safer place by solving our clients’ toughest cybersecurity challenges. We work at the cutting edge of technology to advise, assess, automate, and ultimately help companies navigate the ever-changing cybersecurity landscape. We are headquartered in Denver, Colorado with offices across the U.S. and U.K., and we support clients around the world.  But that’s not who we are – that’s just what we do. We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem-solvers who are hungry to learn, grow, and make a difference.  At Coalfire the Application Security (ApSec) Business is composed of highly skilled security testers with a passion for enhancing system security postures.  Our team members actively participate in the information security community and have released toolsets, blog posts, and whitepapers. Our team members train and present at numerous industry conferences, including BlackHat, DefCon, ShmooCon, BlueHat, DerbyCon, 44CON, and numerous BSides, covering offensive and defensive operations as well as the tools and capabilities we create and share.  Come join an amazing technical security team which makes a difference in the information security industry and consistently pushes the limits of offensive and defensive security capabilities. We are currently seeking a Senior Manager to support our AppSec Teams Remotely.
Position Summary
The Sr. Manager is responsible for the performance of their team of consultants, including team utilization/billability, skillset development, mentoring, and project execution. The Sr. Manager has a strong understanding of Application Security, penetration testing, compliance frameworks, and offensive security best practice requirements, as well as a strong mentoring mentality.  The Sr. Manager oversees projects, performs project tasks, and ensures quality reports for clients. They work closely with Project Managers, Directors, and other Delivery team members to effectively manage their team, project timelines, and deliverables for which they are responsible. Sr. Managers may also be asked to support Sales activities. Additionally, Sr. Managers will continue to consult directly for clients for a variety of high-expertise tasks, including application security assessments, code reviews, threat models, and application security program development and implementation engagements.

What You'll Do

• Manage priorities, tasks and hours on projects in conjunction with the project manager to achieve successful project delivery with team and non-team planned resources.
• Either handle or escalate client and project-related issues in a timely manner.
• Interface with clients as a thought leader, individual contributor, and/or Engagement Lead through entire engagement, interacting will all levels of client organizations. Establish and maintain positive, collaborative relationships with clients and stakeholders.
• Collaborate with project managers, quality management, sales, and other delivery team members to drive customer satisfaction and meet project deliverables.
• Lead customer-facing meetings including charter/kickoff, periodic status, and project debrief meetings.
• Provide mentorship and coaching to team members in areas of AppSec-specific penetration testing tradecraft, security consultation, and reporting / presentations. 
• Provide HR administrative duties for team members as required.
• Work with AppSec Leadership to develop/mature/maintain SOP’s and methodologies in support of AppSec products and services.
• Continuous professional development in maintaining a strong depth of knowledge in the practice area
• Support the team growth through the hiring interview process, acting as the hiring manager and working with your Director on compensation.
• Track team utilization against billable targets.
• Continue to perform direct, billable tasking in any/all application security offerings, including assessments, threat modelling, advisory work, training, and more.
• Provide Sales Support as necessary and in support of developing skills on a management career path.  Alternatively, continue to develop yourself as the seasoned technical SME you are on a technical career path.
• Primarily remote
• Ability to travel up to 10% (potentially & during normal circumstances)

What You'll Bring

• Ability to lead penetration testing projects/team independently for the full project lifecycle
• Strong understanding of application architecture and Software Development Lifecycles (SDLC)
• In-depth experience with various testing methodologies and creating custom tools “on-the-fly”
• Strong working knowledge with tools such as Burp Suite, Postman, SQLmap, etc., as well as commercial, automated Static (SAST) and Dynamic (DAST) solutions
• Strong working knowledge of at least two programming or scripting languages
• Strong understanding of API/web services, as well as web, mobile, thick client, and IoT applications
• Strong understanding of security principles, policies, and industry best practices
• An aptitude for technical writing, including assessment reports, presentations, and operating procedures
• Familiarity with Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP), Software Assurance Maturity Model (SAMM), and National Institute of Standards and Technology (NIST) Special Publications
• Understanding of the essential business practices of a professional consulting organization
• Minimum of 5 years’ experience in a consulting/professional services role 
• Minimum of 5 years’ experience in Application Security or a related role

Bonus Points

• An advanced degree in an IT-related field
• Familiarity with Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP), and National Institute of Standards and Technology (NIST) Special Publications
• Knowledge of applied cryptographic protocols
• OSCP/E, OSWE, OSED, GWAPT, GPEN, or GXPN certification(s)

Why You'll Want to Join Us 
At Coalfire, you’ll find the support you need to thrive personally and professionally. In many cases, we provide a flexible work model that empowers you to choose when and where you’ll work most effectively – whether you’re at home or an office.  Regardless of location, you’ll experience a company that prioritizes connection and wellbeing and be part of a team where people care about each other and our communities. You’ll have opportunities to join employee resource groups, participate in in-person and virtual events, and more. And you’ll enjoy competitive perks and benefits to support you and your family, like flexible time off, certification and training reimbursement, and comprehensive insurance options. At Coalfire, equal opportunity and pay equity is integral to the way we do business. A reasonable estimate of the compensation range for this role is $104,000 to $179,600 based on national salary averages. The actual salary offer to the successful candidate will be based on job-related education, geographic location, training, licensure and certifications and other factors. You may also be eligible to participate in annual incentive, commission, and/or recognition programs. 
This can be a remote position (must be located in the United States). 
#LI-Remote#LI-GB1