Senior Manager - Application Security | US Remote
United States
Applications have closed
Coalfire
Coalfire is the cybersecurity advisor that combines extensive cloud expertise, technology, and innovative approaches to help clients develop scalable…Position Summary
The Sr. Manager is responsible for the performance of their team of consultants, including team utilization/billability, skillset development, mentoring, and project execution. The Sr. Manager has a strong understanding of Application Security, penetration testing, compliance frameworks, and offensive security best practice requirements, as well as a strong mentoring mentality. The Sr. Manager oversees projects, performs project tasks, and ensures quality reports for clients. They work closely with Project Managers, Directors, and other Delivery team members to effectively manage their team, project timelines, and deliverables for which they are responsible. Sr. Managers may also be asked to support Sales activities. Additionally, Sr. Managers will continue to consult directly for clients for a variety of high-expertise tasks, including application security assessments, code reviews, threat models, and application security program development and implementation engagements.
What You'll Do
- Manage priorities, tasks and hours on projects in conjunction with the project manager to achieve successful project delivery with team and non-team planned resources.
- Either handle or escalate client and project-related issues in a timely manner.
- Interface with clients as a thought leader, individual contributor, and/or Engagement Lead through entire engagement, interacting will all levels of client organizations. Establish and maintain positive, collaborative relationships with clients and stakeholders.
- Collaborate with project managers, quality management, sales, and other delivery team members to drive customer satisfaction and meet project deliverables.
- Lead customer-facing meetings including charter/kickoff, periodic status, and project debrief meetings.
- Provide mentorship and coaching to team members in areas of AppSec-specific penetration testing tradecraft, security consultation, and reporting / presentations.
- Provide HR administrative duties for team members as required.
- Work with AppSec Leadership to develop/mature/maintain SOP’s and methodologies in support of AppSec products and services.
- Continuous professional development in maintaining a strong depth of knowledge in the practice area
- Support the team growth through the hiring interview process, acting as the hiring manager and working with your Director on compensation.
- Track team utilization against billable targets.
- Continue to perform direct, billable tasking in any/all application security offerings, including assessments, threat modelling, advisory work, training, and more.
- Provide Sales Support as necessary and in support of developing skills on a management career path. Alternatively, continue to develop yourself as the seasoned technical SME you are on a technical career path.
- Primarily remote
- Ability to travel up to 10% (potentially & during normal circumstances)
What You'll Bring
- Ability to lead penetration testing projects/team independently for the full project lifecycle
- Strong understanding of application architecture and Software Development Lifecycles (SDLC)
- In-depth experience with various testing methodologies and creating custom tools “on-the-fly”
- Strong working knowledge with tools such as Burp Suite, Postman, SQLmap, etc., as well as commercial, automated Static (SAST) and Dynamic (DAST) solutions
- Strong working knowledge of at least two programming or scripting languages
- Strong understanding of API/web services, as well as web, mobile, thick client, and IoT applications
- Strong understanding of security principles, policies, and industry best practices
- An aptitude for technical writing, including assessment reports, presentations, and operating procedures
- Familiarity with Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP), Software Assurance Maturity Model (SAMM), and National Institute of Standards and Technology (NIST) Special Publications
- Understanding of the essential business practices of a professional consulting organization
- Minimum of 5 years’ experience in a consulting/professional services role
- Minimum of 5 years’ experience in Application Security or a related role
Bonus Points
- An advanced degree in an IT-related field
- Familiarity with Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP), and National Institute of Standards and Technology (NIST) Special Publications
- Knowledge of applied cryptographic protocols
- OSCP/E, OSWE, OSED, GWAPT, GPEN, or GXPN certification(s)
At Coalfire, you’ll find the support you need to thrive personally and professionally. In many cases, we provide a flexible work model that empowers you to choose when and where you’ll work most effectively – whether you’re at home or an office. Regardless of location, you’ll experience a company that prioritizes connection and wellbeing and be part of a team where people care about each other and our communities. You’ll have opportunities to join employee resource groups, participate in in-person and virtual events, and more. And you’ll enjoy competitive perks and benefits to support you and your family, like flexible time off, certification and training reimbursement, and comprehensive insurance options. At Coalfire, equal opportunity and pay equity is integral to the way we do business. A reasonable estimate of the compensation range for this role is $104,000 to $179,600 based on national salary averages. The actual salary offer to the successful candidate will be based on job-related education, geographic location, training, licensure and certifications and other factors. You may also be eligible to participate in annual incentive, commission, and/or recognition programs.
This can be a remote position (must be located in the United States).
#LI-Remote#LI-GB1
Tags: APIs Application security Burp Suite Compliance DAST GPEN GWAPT GXPN NIST Offensive security Open Source OSCP OSWE OWASP Pentesting PostMan SAMM SAST Scripting SDLC Security assessment Travel
Perks/benefits: Career development Competitive pay Conferences Equity Flex hours Flex vacation Salary bonus Startup environment Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Ethical hacker / Pentester H/F jobs
- Open Information Security Specialist jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Senior Information Security Analyst jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Principal Security Engineer jobs
- Open Product Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Chief Information Security Officer jobs
- Open Cybersecurity Consultant jobs
- Open Senior Information Security Engineer jobs
- Open Consultant SOC / CERT H/F jobs
- Open Security Specialist jobs
- Open Cybersecurity Specialist jobs
- Open Senior Penetration Tester jobs
- Open Sr. Security Engineer jobs
- Open Security Researcher jobs
- Open Senior Security Architect jobs
- Open IT Security Engineer jobs
- Open Clearance-related jobs
- Open ISO 27001-related jobs
- Open Network security-related jobs
- Open Application security-related jobs
- Open Windows-related jobs
- Open Agile-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Malware-related jobs
- Open Kubernetes-related jobs
- Open CI/CD-related jobs
- Open Security Clearance-related jobs
- Open IDS-related jobs
- Open CEH-related jobs
- Open EDR-related jobs