Application Security Senior Consultant – Anywhere USA – Full time
The Application Security Practice of AT&T Consulting Solutions is looking for qualified persons to join its
team of world-class security professionals. This position will be focused on providing guidance around
application security considerations to our portfolio of Fortune 500 clients, conducting security
assessments of applications hosted and deployed on a wide range of platforms and languages, and working
with the practice leadership to keep abreast of developments in the application security space from
both a technical and a policy/process/procedure/compliance perspective.
Key job responsibilities will include:
Perform application security reviews, penetration tests, and code-level reviews
Consult with application owners on application vulnerabilities and security best practices
Follow standard methodologies and develop new and innovative processes.
Focus on results and work within tight timelines.
Demonstrated ability to learn and apply critical thinking to a variety of situations.
3-5 years of experience conducting web application security reviews
Expertise in web application vulnerabilities and security best practices
Knowledge of network and application design, support and development
Experience with the following web assessment tools: Burp Suite Pro, AppScan, and other
tools as needed.
BS in CS, Engineering, Information Systems or equivalent.
Experience performing penetration testing at the network layer
Experience performing secure code reviews on common languages and experience with tools
such as Fortify 360 or AppScan Source Edition
Understanding of web application protocols (HTML, HTTP, XML, etc.)
In-depth understanding of SDLC models and approaches
Experience coding with C/C++, Java, .NET or other programming and scripting languages
Excellent communication (written and oral) and interpersonal skills
Strong organizational, multi-tasking, and time-management skills
Ability to travel
Active security clearance a big plus
Application development experience a plus
Mobile application security experience a plus
Consulting experience is a plus
CISSP or other security certifications
Governance, regulatory or controls experience
Understanding of software development methodologies such as waterfall, Rational Unified
Process and Agile software development
Understanding of information security and available security tools and technologies