NetSPI

Security Consultant (Secure Code Review + Web Application Penetration Testing)

NetSPI United States

Description

Location: US, Remote

NetSPI is the proactive security solution used to discover, prioritize, and remediate security vulnerabilities of the highest importance. We help secure the most trusted brands on Earth with our Penetration Testing as a Service (PTaaS), Attack Surface Management (ASM), and Breach and Attack Simulation (BAS) solutions. Leveraging a unique combination of dedicated security experts, intelligent process, and advanced technology, NetSPI brings a proactive approach to cybersecurity with more clarity, speed, and scale than ever before.

NetSPI is on an exciting growth journey as we disrupt and improve the proactive security market. We are looking for individuals with a collaborative, innovative, and customer-first mindset to join our team. Learn more about our award-winning workplace culture and get to know our A-Team at www.netspi.com/careers.

NetSPI is seeking Security Consultants who will serve as a resource for the delivery of both code review assessments and web application penetration tests. This position requires an understanding of technology, enterprise security, and risk management. It also requires experience with application security assessments/testing, as well as demonstrated competencies in problem solving, client service, written/verbal communication, and project execution.

Responsibilities

  • Deliver secure code review assessments on programming languages such as Java, C#, PHP, Python, Perl, C/C++, SQL, >
  • Analyze and identify security vulnerabilities in source code using both automated and manual static analysis tools and techniques
  • Train and assist developers in writing secure software and remediating existing vulnerabilities
  • Develop and review custom vulnerability description, business impact and remediation content
  • Develop, research and recommend open source tools assisting in secure code review
  • Contribute to development and delivery of secure coding and remediation training
  • Mentor and assist team members in effectively delivering assessments and enhancing skillsets
  • Recommend best practices to integrate and automate application security testing in SDLC


Minimum Qualifications

  • 4+ years of experience in application security including secure code review, web application penetration testing or threat modelling
  • 2+ years of experience in secure code review / static application security testing (SAST)
  • Detailed understanding of the OWASP Top 10 and CWE Top 25 issues, with a focus on the ability to identify and remediate vulnerabilities in source code
  • Ability to explain the risk and business impact of security vulnerabilities in source code to a variety of audiences
  • High standards of ethics, integrity and professionalism
  • Bachelor’s degree with a focus on IT, Computer Science, Engineering or Math
  • Able to travel up to 25%


Preferred Qualifications

  • Experience in detecting, analyzing and providing remediation guidance on security vulnerabilities in at least two of the following languages: Java, C#, PHP, Python, Perl, C/C++, SQL, >
  • Hands-on experience conducting security focused static analysis using commercial SAST tools such as Checkmarx, Appscan Source, Veracode, Coverity, Fortify and SonarQube
  • Experience in software development in at least one server-side programming language
  • Experience in integrating static application security tools in CI/CD environments
  • Master’s degree in Computer Science/Engineering or equivalent


About the Organization

NetSPI is the proactive security solution used to discover, prioritize, and remediate security vulnerabilities of the highest importance, so businesses can protect what matters most.

Leveraging a unique combination of dedicated security experts, intelligent process, and advanced technology, NetSPI helps security teams take a proactive approach to cybersecurity with more clarity, speed, and scale than ever before.

By continually advancing solutions such as Penetration Testing as a Service (PTaaS), Attack Surface Management (ASM), and Breach and Attack Simulation (BAS), NetSPI goes beyond the noise to deliver high impact results and recommendations based on business needs, so customers can protect their priorities, perform better, and innovate with confidence.

NetSPI secures the most trusted brands on Earth, including nine of the top 10 U.S. banks, four of the top five leading cloud providers, three of the five largest healthcare companies, four MAMAA companies, seven of the top 10 U.S. retailers & e-commerce companies, and many of the Fortune 500.

EOE Statement

We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status or any other characteristic protected by law.

  • Seniority level: Mid-Senior level
  • Employment type: Full-time
  • Job function: Information Technology
  • Industries: Computer and Network Security
