Application Security Consultant

Overview
Suitable for candidate with 1+ years of experience in relevant areas such as application security, product security, penetration testing, DevOps
Position Summary & Primary Objectives
Reporting to the Team Lead – AppSec, the "Security Consultant, Application Security - STA" is responsible for delivering high quality application security consulting services to CyberCX clients. They play a critical role in supporting Application Security program of works to help organisations build and maintain secure applications and mature their Secure SDLC processes.
Key Roles & Responsibilities
Deliver Application Security services such as threat modelling, Secure SDLC reviews and secure development training to organisations
Build out and promote strong, long-lasting relationships with a diverse range of customers, and identify and explore opportunities within existing and new customers.
Act as a subject matter expert and technical leader both within STA and externally across practice for Application Security services.
Prepare high quality reports detailing security issues, making recommendations, and identifying solutions, and lead presentations and discussions with customers around Application Security work performed, key results, strategies, processes recommendations and next steps/roadmap to success
Ensure that KPIs around client expectation management, delivery deadlines, quality of work and deliverables etc are met, including maintaining visibility of project budget vs actual delivery time and flowing up deviations.
Assist with the development of standardised methodologies, identifying and building tools, and improve processes
Assist with R&D, innovation, and practice improvement activities
Preferred Qualifications, Experience & Skills
1+ years of experience in relevant areas such as application security, product security, penetration testing, DevOps and/or software development, including but not limited to the following:
Conducting threat modelling exercises and design reviews
Building, supporting and implementing automated security testing tools
Implementing DevSecOps processes and managing CI/CD pipelines
Conducting secure code reviews for various languages and frameworks
Performing Secure SDLC and Secure DevOps reviews against industry standards such as OWASP SAMM and NIST SSDF
Experience with containerisation and Infrastructure as Code (IaC)
Tertiary qualification in information systems, cyber security, software development or a similar field, or equivalent industry experience
Strong stakeholder engagement and communication skills with an ability to build credibility with senior leaders and internal working teams
Personal Attributes
Professional and ethical, you inspire trust and confidence through integrity and respect
Customer-obsessed and a self-starter, you go above and beyond to deliver extraordinary results and experiences for customers
Innovative and open to change, you are focused on finding opportunities for continuous improvement and ways to optimise work processes
Collaborative and with an enterprise mindset, you speak up and welcome all input, opinions and questions
Emotionally intelligent, you lead with empathy, connection, and assertiveness
About CyberCX
CyberCX is the leading independent cyber security services organisation in Australia and New Zealand. CyberCX is Australia's greatest force of cyber security professionals. CyberCX has united the country's most trusted cyber security companies to deliver the most comprehensive end to end cyber security services offering to Australian enterprises and governments.
We are cyber security experts first and foremost. We're a unified team of highly qualified, certified and skilled professionals working together on the same mission: to protect and defend Australian organisations from cyber threats.
We specialise in: Strategy & Consulting | Governance, Risk & Compliance | Security Testing & Assurance | Identity & Access Management | Network & Infrastructure Solutions | Managed Security Services | Cloud Security & Solutions | Digital Forensics & Incident Response | Cyber Capability, Education & Training Apply For Job
#J-18808-Ljbffr