The Principal Application Security Consultant plays a key role at DirectDefense as a leader on our technical team and performing penetration testing and vulnerability assessment work on and within client environments. The Principal Application Security Consultant conducts formal tests on a diverse variety of applications, networks, servers, databases, and other infrastructure components to measure an organization’s susceptibility to compromise.

In addition to strong technical skills, the successful candidate in this role will have strong interpersonal skills and be able to communicate complex security topics to technical teams within various organizations. Key success factors include the ability to stay current on the latest vulnerabilities and technology trends, the ability to develop proofs of concept that accurately and effectively demonstrate vulnerabilities discovered, and the ability to communicate findings and recommendations clearly in writing.

Responsibilities:

• Perform network application penetration testing, source code reviews, threat analysis, cloud, and network assessments.
• Develop comprehensive and accurate reports and presentations for both technical and executive audiences.
• Recognize and safely utilize attacker tools, tactics, and procedures.
• Develop scripts, tools, or methodologies to enhance team processes.
• Assist with scoping prospective engagements, leading engagements from kickoff through remediation, and mentoring less experienced staff.
• Perform Vulnerability Scanning and Malware Analysis.
• Assess, monitor, and recommend improvements to our client’s security architecture.
• Define tasks, processes, and procedures necessary to implement, maintain support, and monitor proposed solutions.
• Collaborates with the Application Security and Compliance team to develop holistic security solutions for our clients.
• Reviews audits, and evaluates security solutions and designs.
• Proactively identify technical and architectural risks, commenting and/or providing alternatives for improvement.
• Reviews to ensure the use of best practices and compliance with security frameworks like (ISO2700x, PCI, and HIPAA).

Qualifications:

• 7-12 years of experience with Application Security and/or Penetration Testing.
• Familiarity with offensive toolkits used for Network and Application Penetration Testing.
• Familiarity with offensive and defensive IT concepts.
• Knowledge of Linux and/or Windows administration.

A little about DirectDefense

Since coming together in 2011 to form DirectDefense, our team has been committed to offering Cybersecurity defense strategies that are unmatched in the industry. Whether we are performing assessments of networks, platforms, and applications or applying managed services to improve your organization’s security posture, we are focused on providing world-class services that don’t just work–they work for you.

OUR MISSION

We establish partnerships with our clients based on trust and results. We leverage our deep industry knowledge and expertise to identify and remediate blind spots in your security program, provide meaningful visibility of your entire enterprise, and align your organization with security best practices and compliance standards.

OUR VISION

We aim to secure organizations across all industries against advanced threats and attacks in today’s world. Acting in partnership with organizations, we will provide unmatched information security services designed to improve your overall security posture, close gaps, and track vulnerabilities on an ongoing basis through continued education and support.

As required by Colorado law under the Equal Pay for Equal Work Act, DirectDefense provides a reasonable range of compensation for roles that may be hired in Colorado. Actual compensation is influenced by a wide array of factors including but not limited to skill set, level of experience, and specific office location. For the state of Colorado only, the range of starting pay for this role is $120,000 - $200,000 per year with a bonus package.