Application Offensive Security Consultant

The Application Offensive Security Consultant will be a critical member of the Application Security team, contributing to the Technology Risk initiative. This role focuses on conducting offensive security assessments on applications while providing subject matter expert (SME) guidance to key projects. The ideal candidate should have a strong understanding of application security testing, red teaming, and penetration testing, equipped to guide project initiatives and ensure adherence to security best practices.

Compensation and Benefits

• Competitive salary based on experience
• Health benefits
• Flexible working conditions

Why you should apply for this position today

This position offers the chance to work at the forefront of application security, providing opportunities to engage in meaningful security assessments. You will work collaboratively with various teams, enhancing your skills while contributing to significant projects that impact the organization.

Skills

• Minimum of 6 years of experience in application security testing
• At least 4 years of experience in conducting red teaming engagements
• Proficiency with application security testing tools such as Burp Suite Professional and OWASP ZAP
• Ability to perform manual security testing and utilize live off the land strategies
• Strong understanding of vulnerabilities in OWASP Top 10 and SANS Top 25, along with effective defense techniques
• Familiarity with the MITRE Framework and adversarial methodologies
• Capability to bypass controls and test countermeasures for misconfigurations
• Excellent multitasking and the ability to work under pressure
• OSCP or GWAPT certification is a plus

Responsibilities

• Perform red teaming against applications and APIs
• Conduct application threat hunting to assess risks
• Execute manual (non-automated) security testing of applications
• Provide vulnerability information in predefined report formats following manual testing methodologies
• Generate assessment reports and summarize findings for remediation, documenting technical issues identified during security assessments
• Act as a subject matter expert in response to security engineering questions related to application defense enhancements
• Collaborate with Security Architects, Product Managers, Risk Managers, and other teams to deliver high-quality products
• Note: Responsibilities may extend beyond those listed above.

Qualifications

• Minimum of 6 years of related experience
• Bachelors Degree and/or equivalent experience
• This is not a penetration testing role; it extends beyond traditional pen testing.

Education Requirements

• Bachelors Degree in a related field or equivalent experience

Education Requirements Credential Category

• Bachelors Degree

Experience Requirements

• Minimum of 6 years of experience in application security testing
• At least 4 years of experience in red teaming engagements
• Proficiency with application security testing tools and methodologies

Why work in Jersey City, NJ

Jersey City offers a vibrant urban lifestyle with a close-knit community feel. The city is known for its beautiful waterfront views, diverse dining options, and easy access to New York City. With a growing technology sector, Jersey City is an excellent place for professionals in the tech field to thrive and connect with like-minded individuals.

1. Do you have a minimum of 6 years of experience in application security testing

2. Do you have a minimum of 4 years of experience in conducting red teaming engagements

3. Do you have a minimum of 4 years of experience in application security testing tools such as Burp Suite Professional & Owasp Zap

4. Do you have the ability to test manually and live off of the land strategies

5. Do you have the ability to explain vulnerabilities and weaknesses in OWASP Top 10 and SANS Top 25 to any audience and discuss effective defensive techniques

6. Do you understanding of MITRE Framework and adversarial methodologies

7. Do you have the ability to bypass controls and/or test countermeasures for misconfigurations

8. Do you have the ability to work under pressure, multitask and be flexible

9. Are you Certified in OSCP or GWAPT or related offensive security/red teaming certification

10. Must be a US Citizen or Green Card holder.