Senior Application Security Consultant - Strategic Services

Summary

GuidePoint Security offers an inclusive set of strategic Application Security services including Application Threat Modeling Application Architecture Reviews and AppSec/DevSecOps Program Assessments. As a Senior Application Security Consultant within Strategic Services you’ll deliver these offerings to clients across various industries.

You’ll join GuidePoint’s elite team to perform engagements communicate with clients deliver comprehensive reports and provide remediation guidance. You’ll also contribute to evolving our service offerings in response to emerging threats and client needs.

We’re ideally seeking candidates who have transitioned from software development into application security bringing practical coding experience and an in-depth understanding of secure software development practices.

Role Requirements

• Willingness to travel up to 10%

• Delivering Application Security services including Application Threat Modeling Application Architecture Reviews and AppSec/DevSecOps Program Assessments

• Author comprehensive assessment deliverables tailored to both technical and managerial audiences detailing technical execution deficiencies business impact and remediation strategies

• Understanding of application security landscape tools methodologies and frameworks such as OWASP SAMM OWASP DSOMM NIST SSDF SLSA NIST AI RMF and MITRE ATLAS

• Deep understanding of application security issues mitigation strategies and common security controls

• Ability to analyze and understand complex application architectures

• Experience working directly within development teams and integrating security into the SDLC

• Assist with Practice development improving offerings and mentoring team members

• Contribute to marketing initiatives via research speaking writing and tool development

• Foster client relationships through support information and guidance while managing concurrent client engagements

• Demonstrates a startup mentality with a highly driven high-performance approach to work

Education Credentials and Experience

• Comprehensive hands-on experience using generative AI in automated workflows

• Direct hands-on experience in application security service offerings including application threat modeling architecture reviews and AppSec/DevSecOps program assessments

• Experience with application security controls architectures requirements and industry standards

• Development and/or application architecture design background with understanding of secure implementation practices for cryptography input validation techniques to prevent injection attacks and exception management

• Operational DevSecOps experience

• Development experience in JavaScript shell Python Java C++ PHP or C# with ability to translate security requirements into technical implementations

• Excellent writing communication and time management skills

• Minimum of 6 years of experience in Application Security and/or Software Development with at least 3 years in Application Security

• Minimum of 2 years of experience in consulting services or internal security roles requiring effective communication with both technical teams and executive leadership

• Bachelor’s degree in a relevant discipline or equivalent experience