Application Security Consultant

Full Time
Burlington, Massachusetts
report a problem
Overview

Veracode is seeking a motivated and energetic individual who is interested in working customer security professionals and software developers to improve application security in a measurable way. The Security Consultant will focus on training developers and security teams on application security best practices, by providing code-level remediation advice on potential application vulnerabilities that were identified by the Veracode service. As a Veracode Security Consultant, you will: be a subject matter expert in application security and provide consultative services to Veracode customers introduce customers and prospects to the use of the Veracode service interact with a variety of customer personnel, ranging from software developers to security executives. Have excellent technical skills and communication skills. Help users and various stake-holders within the customer organization interpret results from the Veracode service, and tailor the presentation to the appropriate audience. Participate in the sales efforts as needed when technical capabilities of the service are presented. Become an active participant and trusted advisor throughout the customer SDLC. Work with the Veracode product strategy team to file and track customer enhancement requests. Train and mentor new employees. This position requires a motivated individual that strives to find solutions that align with client needs while providing a repeatable solution(s) that can be reused across multiple programs. It will require constant and effective communication with internal/external cross-functional teams. This individual will have the opportunity and freedom to cultivate new and innovative solutions which will benefit our entire client base.

 
Candidate will operate as member of application security consulting team delivering tactical mentorship and strategic consulting in terms of general application security awareness, secure development best-practices, and effective utilization of Veracode services. Ability to effectively communicate application security concepts to developers unskilled in these is essential, as is the ability to also function as a trusted advisor to security stakeholders within client organizations. Additional opportunities of the role include threat analysis and modeling, evaluation of effectiveness of compensating controls within and beyond application implementation logic, creation of client security program recommendations.

Skills & Requirements

BS/BA in Computer Science, Engineering or related field, or equivalent experience. 2+ years of recent software development experience. Understanding of Application-level security and secure coding practices. Proficiency in one of more of the following programming languages:  C, C++, C#, Java, or PHP Hands-on experience with one or more of the following: Visual Studio or Eclipse, Bugzilla or Jira, Hudson, Jenkins, or Cruise Control. Archer, SAML/SSO, VMware Databases, Command Shell scripting. Client requirement gathering, prioritization and scoping experience. Strong technical writing skills. Strong oral communication skills in English and good presentation/teaching skills. Excellent problem-solving and organizational skills. Ability to apply these skills cooperatively in a collaborative team environment.Additional Skills & Experiences:  Familiarity with CVSS, CWE, OWASP, WASC and SANS-25.Experience with source code analysis and interactive application security testing products. Understanding of common risk mitigation practices and technologies such as firewalls, ACLs and multi-factor access controls.  SaaS, Professional Services and/or professional Training/Mentoring experience also desired.

 

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.




Share this job:

Veracode

Veracode secures the software that runs the world.
Veracode delivers the most widely used cloud-based platform for securing web, mobile, legacy and third-party enterprise applications. By identifying critical application-layer threats before cyber-attackers can find and exploit them, Veracode helps enterprises deliver innovation to market faster — without sacrificing security. 

Veracode’s powerful cloud-based platform, deep security expertise and programmatic, best practices approach provide enterprises with a simpler and more scalable way to reduce application-layer risk across their global software infrastructures. 

Recognized as a Gartner Magic Quadrant Leader since 2010, Veracode secures hundreds of the world’s largest global enterprises, including 3 of the top 4 banks in the Fortune 100 and 25+ of the world's top 100 brands.

Specialties
Application Security, Application Risk Management, Vendor Application Security Testing (VAST), Manual Penetration Testing, Vulnerability Remediation Consulting, Mobile Application Security, Static Analysis, Dynamic Analysis, Third-Party Software Security
Visit Veracode's Social Media pages:
Company Industry: Computer & Network Security
Company Type: Privately Held
Company Size: 201-500