Sr Security Consultant, Application Security

Job Description



If you have multiple years of application security assessment experience and enjoy the challenge of working with customers to analyze, identify, and report application vulnerabilities, then we have the opportunity for you!


Is focused on providing application security consulting services, including, but not limited to, automated and manual run-time assessments, automated and manual code reviews, application threat modeling, and secure SDLC review and development services.

Requires excellent written and verbal communication skills and demonstrated technical depth and breadth of expertise in security, programming, and application vulnerabilities.

Provides the opportunity to participate in multiple aspects of the consulting role, such as services delivery, training, pre-sales, requirements collection, and project scoping.

Job Requirements


A minimum equivalent of experience and/or education that would provide the relevant knowledge and abilities to perform the type of work described herein.

Education: Achievement of a relevant Bachelor’s Degree or equivalent years of relevant coursework, training, and experience in programming, networking and security fundamentals, application security, and database security.

Experience: Five to eight years of relevant Application Security experience, including web and mobile application security assessments, source code analysis, enterprise application development, application security vulnerability research, analysis and consulting, and vulnerability management, mitigation, and remediation.


Working knowledge of automated application security scanning tools such as IBM AppScan and AppScan Source, HP WebInspect and Fortify, or similar commercial solutions and toolsets

Working knowledge of manual assessment tools such as HTTP Proxies (Burp Suite Pro, Webscarab, Spike), browser plug-ins (Web Developer Toolbar, Firebug), automation scripts (Perl/Python), fuzzers (w3af, Peach), or similar commercial and open source tools

Working knowledge of application security assessment and code review methodologies

Working knowledge of application security vulnerabilities, remediation and mitigation techniques, and secure coding practices

Working knowledge of object oriented programming and design fundamentals

Expert knowledge of web technologies (.ASP, .NET, Java)

Exposure to Application Security Maturity Models (OpenSAMM, MS SDL)

Experience with business and functional requirements collection

Strong leadership and organizational skills

Excellent written and verbal communication skills

Excellent facilitation skills and ability to lead group discussions

Experience in mentoring and coaching staff

Ability to complete assigned tasks or projects with limited supervision

Ability to work under demanding circumstances and accomplish objectives

Strong analytical skills to troubleshoot technical problems and determine resolution


Advanced Technical Degrees

Certification (OSCE, CISSP, SANS)

Ability and experience in delivering security awareness training

Experience in speaking or presenting at national and local security conferences and events

Working knowledge of networking, network design, and network security

Exposure to a range of security products such as Authentication, Firewalls, Intrusion Detection and Prevention Systems

Although FishNet Security has attempted to accurately and thoroughly describe this position, we reserve the right to change, add to or subtract from the duties outlined, within the sole discretion of FishNet Security, at any time, with or without advance notice.

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.


Job Snapshot

Post Date 3/24/2014
Location Boston, MA
Employment Type Full-Time
Job Type Consultant, Professional Services
Education 4 Year Degree
Experience Not Specified
Manages Others Not Specified
Industry Other Great Industries
Required Travel Not Specified
Job ID 2013-1969