Application Security Consultant
Location: Seattle, WA
Security Innovation is looking for candidates that love Application Security and the Software Development Lifecycle (SDLC). We don’t expect our candidates to know everything about everything, but we do expect them to passionately take on new challenges and learn quickly. Successful candidates are excited about Application Security and have a good understanding of how organizations design, implement, and maintain software.
Our team is located in downtown Seattle serving a global client base of technology vendors and enterprise IT organizations. We’re looking for a professional security engineer to join our office in Seattle, however, this position can be Remote.
This is potentially the most large-scale, impactful role you can have as a consultant.
Your day-to-day job is to help our customers understand how to build security into their Software Development Lifecycle. You'll be learning how they build software and helping them to bridge the gaps from where they are now to where they want to go. You'll design their roadmap to give them actionable guidance and support. This role is very customer facing and important to both Security Innovation and our clients.
Here are some of the other Roles and Responsibilities of what you will do on a daily basis:
- Work closely with our Senior Security Consultant to carry out in-depth reviews of organization’s software development processes and identify gaps in application security practices
- Develop and execute risk profile surveys to determine which applications carry the highest risk to the business
- Conduct in-person and remote interviews with IT and development team staff to identify gaps in application development processes
- Analyze and present results to team members, managers, and customers
- Write detailed reports, test plan documents, and recommendations
- Travel to client sites to conduct in-person security reviews and assessments
We’ll read it, but we understand who you are on paper isn't the same as who you are on the team. Being professional with documentation is essential when putting together reports for our clients. Constructing a formal resume can demonstrate that to us. What we’re really looking for, even if your resume doesn’t say it, is someone versed and capable in one or many of the following areas:
- Secure Software Development processes and methodologies (MS-SDL, OpenSAMM, BSIMM, ISO/IEC 27034, etc.)
- IT Security Best Practices
- Software development tools and processes
- Interest in conducting security research
What we expect of our applicants:
- Knowledge of common application security bugs and other attack types
- Demonstrate an understanding of enterprise IT infrastructure
- Above average knowledge of application development
- Knowledge of common development methodologies such as Waterfall, Agile (Scrum, Kanban, etc.)
- Enjoys reading, editing, and writing organizational policies
- Strong written and verbal communication skills
- Detail oriented and reliable
- Not a jerk - We have a policy about it
Nice to Haves:
These skills are not required, but if you have some of them, you are likely a good candidate for the position:
- B.S. in Information Security or a related degree
- Completed CISSP, CSSLP, or similar security certifications
- Written coursework, blog posts, or white papers regarding Information or Application Security
- Presented at security conferences
- Understanding of application design, development, and testing techniques
- Knowledge of compliance standards such as ISO 27002, NIST SP800-52, HIPAA, PCI, Gramm-Leach-Bliley, etc.
- Membership or participation in an Information Security professional development group
- Good sense of humor
Perks & Benefits:
There is a reason we have a 4.9/5 rating on Glassdoor. We take care of our clients, but also take care of our employees.
- Comprehensive health, dental, and vision insurance coverage provided (HMO, PPO, and HSA options available)
- Generous 401k matching
- Take what you need PTO
- Work-life balance – we mean it
- Financial assistance and scheduled time off for research
- Professional Development budget for conferences, classes, certifications, or other learning opportunities
- Flexible work environment with telecommuting options available
- Extensive technology budget renewed every year
- Free coffee, snacks, beverages, among other office treats
**You must be legally eligible to work in the USA. We are not accepting candidates that will require Security Innovation to commence ("sponsor") an immigration case (for example, H-1B or other employment-based immigration case) at this time or in the future.