Associate Managing Consultant- Application Security (ID: 31478)

The application security professionals who work for our company bring industry experience, confidence, and technical expertise to help our clients overcome unique challenges. We plan, pursue, deliver, and manage engagements to assess, improve, build, and sometimes operate integrated application security operations for our clients.

A career in Software Integrity Group would provide opportunities to gain experience with enterprise-level software implementations, keep your day-to-day routine exciting and allow you to grow personally and professionally. Based on your level of knowledge and skills, an Associate Managing Consultant may have a wide range of responsibilities.

General skills and attributes

1. Knowledge and 5-7 years of hands-on experience with key components of DevSecOps consulting (e.g., CI pipelines, security testing, static and dynamic testing, SBOM, general cloud concepts).
2. Knowledge and understating of general cyber risk concepts (e.g., risk prioritization, data protection, incident response, disaster recovery).
3. Developing DevSecOps standards and processes within an organization.
4. Experience in working independently or as part of a large team to delivery application security services on its own or within large complex projects.
5. Practical experience with conducting risk assessments and testing of controls (e.g., OpenChain, cloud, sector specific regulatory requirements, strategy and governance, program roadmaps).
6. Excellent analytical skills and ability to decipher data from testing results.
7. Demonstrated leadership abilities (e.g., lead presentation, develop themes and executive decks, lead status meetings)

Responsibilities

1. Consistently deliver quality client services. Monitor progress, manage risk, and ensure key stakeholders are kept informed about progress and expected outcomes.
2. Lead and support the executing team to make an impact that matters and setting the direction to deliver exceptional client service.
3. Work with clients to analyze, evaluate, and enhance the effectiveness of their application/product security posture at procedural and technological levels from design to deployment.
4. Use knowledge of current application security best practices and industry trends to lead the implementation of application security solutions for our clients and support the clients in their desire to protect their business.
5. Help identify and pursue DevSecOps business opportunities.
6. Stay abreast of current business and industry trends relevant to our client's.
7. Establish relationships with client personnel at appropriate levels.
8. Possess good business acumen. Remain current on new developments in advisory services capabilities and industry knowledge.
9. Provide input and assist the team maintain and build out new DevSecOps related service offerings that are relevant to the industry.
10. Assist, Oversee the design & development of strategic initiative to be presented to potential clients.
11. Participate in market facing activities and developing thought leadership materials.
12. Provide technical leadership with respect to the development and execution of our key application security service offerings (e.g., conducting assessments of applications (web, cloud, mobile) architecture reviews, recommendations and aligning them to appropriate risk ranking systems).

To qualify, you must have:

1. Five to seven years of prior consulting experience.
2. Undergraduate or masters’ degree in one of the following areas: Information Security, Business Management, Information Systems, Computer Science, Engineering, and/or other related majors.
3. Detail oriented and relentless pursuit to improve quality of work products.
4. Familiarity with DAST, SAST, SCA, Penetration Testing, Vulnerability Management and OWASP. Other cyber risk competencies such as vulnerability management, incident response etc. is a plus.
5. Ability to evaluate application security programs for clients and developing key elements of the program as part of the enhancement process and developing and maturing processes.
6. Evaluating DevSecOps programs to determine how to embed security activities and working with clients to evolve their development programs to embed application security tooling and processes.
7. Solid understanding of application security programs and experience in helping customers drive their application security initiatives.
8. Overall understanding of software development processes, technologies, architectures, and practices, and risk management.
9. Experience managing diverse team of technical consultants.
10. Superior and highly effective client management skills.
11. Ability to summarize technical information for executives to create effective and concise presentations, proposals, and SOWs for C-level executives.
12. Written communication skills including formal documentation, statements of work, proposals, sources sought and request for information responses, white papers, and case studies.
13. CISSP certification or equivalent.
14. Willingness to travel (up to 40% - Post Covid).

Synopsys, Software Integrity Group, is named a leader for 2020 in the Gartner Magic Quadrant for Application Security Testing (AST), recognizing our vision and ability to execute. Every business runs on software, and defects in software create risk. We’ve curated the most robust products and services to create one comprehensive platform that enables our customers to detect and remediate deficiencies across their entire SDLC. To find out more about Synopsys SIG, check out https://www.synopsys.com/software-integrity.html.   

Inclusion and Diversity are important to us. Synopsys considers all applicants for employment without regard to race, color, religion, national origin, gender, sexual orientation, gender identity, age, military veteran status, or disability