Application Security Consultant

Position Summary & Primary Objectives
Reporting to the Team Lead – AppSec, the 'Security Consultant, Application Security - STA' is responsible for delivering high quality application security consulting services to CyberCX clients.

They play a critical role in supporting Application Security program of works to help organisations build and maintain secure applications and mature their Secure SDLC processes.

*Key Roles & Responsibilities*

• Deliver Application Security services such as threat modelling, Secure SDLC reviews and secure development training to organisations
• Build out and promote strong, long-lasting relationships with a diverse range of customers, and identify and explore opportunities within existing and new customers.
• Act as a subject matter expert and technical leader both within STA and externally across practice for Application Security services.
• Prepare high quality reports detailing security issues, making recommendations, and identifying solutions, and lead presentations and discussions with customers around Application Security work performed, key results, strategies, processes recommendations and next steps/roadmap to success
• Ensure that KPIs around client expectation management, delivery deadlines, quality of work and deliverables etc are met, including maintaining visibility of project budget vs actual delivery time and flowing up deviations.
• Assist with the development of standardised methodologies, identifying and building tools, and improve processes
• Assist with R&D, innovation, and practice improvement activities

*Preferred Qualifications, Experience & Skills*

• 1+ years of experience in relevant areas such as application security, product security, penetration testing, DevOps and/or software development, including but not limited to the following:

• Conducting threat modelling exercises and design reviews

• Building, supporting and implementing automated security testing tools
• Implementing DevSecOps processes and managing CI/CD pipelines
• Conducting secure code reviews for various languages and frameworks
• Performing Secure SDLC and Secure DevOps reviews against industry standards such as OWASP SAMM and NIST SSDF
• Experience with containerisation and Infrastructure as Code (IaC)
• Tertiary qualification in information systems, cyber security, software development or a similar field, or equivalent industry experience
• Strong stakeholder engagement and communication skills with an ability to build credibility with senior leaders and internal working teams

*Personal Attributes*

• Professional and ethical, you inspire trust and confidence through integrity and respect
• Customer-obsessed and a self-starter, you go above and beyond to deliver extraordinary results and experiences for customers
• Innovative and open to change, you are focused on finding opportunities for continuous improvement and ways to optimise work processes
• Collaborative and with an enterprise mindset, you speak up and welcome all input, opinions and questions
• Emotionally intelligent, you lead with empathy, connection, and assertiveness

About CyberCX
CyberCX is the leading independent cyber security services organisation in Australia and New Zealand. CyberCX is Australia's greatest force of cyber security professionals. CyberCX has united the country's most trusted cyber security companies to deliver the most comprehensive end to end cyber security services offering to Australian enterprises and governments.

We are cyber security experts first and foremost. We're a unified team of highly qualified, certified and skilled professionals working together on the same mission: to protect and defend Australian organisations from cyber threats.

We specialise in: Strategy & Consulting | Governance, Risk & Compliance | Security Testing & Assurance | Identity & Access Management | Network & Infrastructure Solutions | Managed Security Services | Cloud Security & Solutions | Digital Forensics & Incident Response | Cyber Capability,

Education & Training