What are the responsibilities and job description for the Senior Application Security Consultant, Strategic Services- Remote (Anywhere in position at GuidePoint Security, LLC?
GuidePoint Security provides trusted cybersecurity expertise, solutions and services that help organizations make better decisions and minimize risk. By taking a three-tiered, holistic approach for evaluating security posture and ecosystems, GuidePoint enables some of the nation's top organizations, such as Fortune 500 companies and U.S. government agencies, to identify threats, optimize resources and integrate best-fit solutions that mitigate risk.
Summary
GuidePoint Security offers an inclusive set of strategic Application Security services, including Application Threat Modeling, Application Architecture Reviews, and AppSec/DevSecOps Program Assessments. As a Senior Application Security Consultant within Strategic Services, you'll deliver these offerings to clients across various industries.
You'll join GuidePoint's elite team to perform engagements, communicate with clients, deliver comprehensive reports, and provide remediation guidance. You'll also contribute to evolving our service offerings in response to emerging threats and client needs.
We're ideally seeking candidates who have transitioned from software development into application security, bringing practical coding experience and an in-depth understanding of secure software development practices.
Role Requirements
- Willingness to travel up to 10%
- Delivering Application Security services, including Application Threat Modeling, Application Architecture Reviews, and AppSec/DevSecOps Program Assessments
- Author comprehensive assessment deliverables tailored to both technical and managerial audiences detailing technical execution, deficiencies, business impact, and remediation strategies
- Understanding of application security landscape, tools, methodologies, and frameworks such as OWASP SAMM, OWASP DSOMM, NIST SSDF, SLSA, NIST AI RMF, and MITRE ATLAS
- Deep understanding of application security issues, mitigation strategies, and common security controls
- Ability to analyze and understand complex application architectures
- Experience working directly within development teams and integrating security into the SDLC
- Assist with Practice development, improving offerings, and mentoring team members
- Contribute to marketing initiatives via research, speaking, writing, and tool development
- Foster client relationships through support, information, and guidance while managing concurrent client engagements
- Demonstrates a startup mentality with a highly driven, high-performance approach to work
Education, Credentials, and Experience
- Comprehensive hands-on experience using generative AI in automated workflows
- Direct hands-on experience in application security service offerings, including application threat modeling, architecture reviews, and AppSec/DevSecOps program assessments
- Experience with application security controls, architectures, requirements, and industry standards
- Development and/or application architecture design background with understanding of secure implementation practices for cryptography, input validation techniques to prevent injection attacks, and exception management
- Operational DevSecOps experience
- Development experience in JavaScript, shell, Python, Java, C , PHP, or C#, with ability to translate security requirements into technical implementations
- Excellent writing, communication, and time management skills
- Minimum of 6 years of experience in Application Security and/or Software Development, with at least 3 years in Application Security
- Minimum of 2 years of experience in consulting services or internal security roles requiring effective communication with both technical teams and executive leadership
- Bachelor's degree in a relevant discipline or equivalent experience
We use Greenhouse Software as our applicant tracking system and Zoom Scheduler for HR screen request scheduling. At times, your email may block our communication with you. Please be sure to check your SPAM folder so that you don't miss updates on your application.
Why GuidePoint?
GuidePoint Security is a rapidly growing, profitable, privately-held value added reseller that focuses exclusively on Information Security. Since its inception in 2011, GuidePoint has grown to over 1000 employees, established strategic partnerships with leading security vendors, and serves as a trusted advisor to more than 4,200 customers.
Firmly-defined core values drive all aspects of the business, which have been paramount to the company's success and establishment of an enjoyable workplace atmosphere. At GuidePoint, your colleagues are knowledgeable, skilled, and experienced and will seek to collaborate and provide mentorship and guidance at every opportunity.
This is a unique and rare opportunity to grow your career along with one of the fastest growing companies in the nation.
Some added perks....
- Remote workforce primarily (U.S. based only, some travel may be required for certain positions, working on-site may be required for Federal positions)
- Group Medical Insurance options: Zero Deductible PPO Plan (GuidePoint pays 90% of the premium for employees and 70% for family plans (spouse/children/family) or High Deductible Health Plan with HSA (GuidePoint pays 100% of the employees premiums and 75% for family plans (spouse/children/family) and GPS will contribute in one lump sum: ($500 per EE annually / $1000 per family annually (includes spouse/children/family options)
- Group Dental Insurance: GuidePoint pays 100% of the premium for employees and 75% of family plans
- 12 corporate holidays and a Flexible Time Off (FTO) program
- Healthy mobile phone and home internet allowance
- Eligibility for retirement plan after 2 months at open enrollment
- Pet Benefit Option
GuidePoint Security, LLC is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability status, marital status, sexual orientation, gender identity, genetic information, protected veteran status, or any other characteristic protected by law.