Consultant Application & Offensive Security - Remote

Trinity Health

Livonia, MI (remote)

JOB DETAILS
SKILLS
Analysis Skills, Application Programming Interface (API), Applications Security, Authentication, Coding Standards, Computer Science, Computer Security, Consulting, Continuous Deployment/Delivery, Continuous Improvement, Continuous Integration, Cross-Functional, Data Analysis, DevOps, Establish Priorities, Green Business, Industry Standards, Information/Data Security (InfoSec), Internet Security, Machine Tool, Organizational Development/Management, Organizational Skills, Penetration Testing, Product Lifecycle, Quality Assurance Methodology, Regulatory Compliance, Risk, Risk Analysis, Risk Management, Secure Coding, Security Analysis, Security Architecture, Security Design, Security Software, Software Development Lifecycle (SDLC), Software Testing, Team Player, Test Tools, Threat Modeling, U.S. National Institute of Standards and Technology (NIST)
LOCATION
Livonia, MI
POSTED
7 days ago

Employment Type:

Full time

Shift:

Description:

The primary responsibility of the Consultant Applications and Offensive Security is to design, build, and operationalize a Secure Coding Center of Excellence (CoE). This role will partner with development teams to embed security into the software development lifecycle, standardize secure coding practices, and improve the organization's ability to prevent vulnerabilities at scale. This position influences development teams, drives adoption, and delivers measurable risk reduction.

  • Designs, develops, and supports the implementation of a Secure Coding Center of Excellence (CoE), including operating model, standards, and governance.

  • Embeds secure development lifecycle (SDLC) practices into development processes by integrating security controls into CI/CD pipelines and developer workflows.

  • Develops, documents, and promotes adoption of enterprise secure coding standards and patterns across multiple development teams and technology stacks.

  • Performs platform application security assessments and threat modeling to identify design weaknesses and exploitable conditions.

  • Provides clear, actionable remediation guidance to development teams, translating security findings into practical development fixes.

  • Drives adoption of secure coding practices by partnering with development, product, and DevOps teams and influencing design and development decisions.

  • Implements and optimizes application security tooling and augments automated results with manual and adversarial testing where tooling falls short.

  • Develops and delivers role-based secure coding training and developer enablement programs, including support for security champions initiatives.

  • Analyzes vulnerability data and application risk to support risk-based prioritization and reduction of systemic weaknesses.

  • Defines, tracks, and reports on application security metrics and KPIs, including vulnerability trends, remediation timelines, and defect recurrence.

  • Advises stakeholders on alignment with industry frameworks and standards (e.g., NIST CSF, Zero Trust, OWASP) and supports audit and compliance requirements.

  • Contributes to continuous improvement of application security practices by identifying opportunities to standardize, automate, and scale controls across the enterprise.

  • Collaborates cross-functionally with security, architecture, development, and operations teams to drive consistent and sustainable security practices.

  • Performs manual application security testing, including deep-dive code-assisted analysis and adversarial testing techniques, to identify exploitable vulnerabilities beyond automated tooling.

  • Validates the effectiveness of secure coding standards and SDLC controls through offensive testing and exploitation-driven analysis.

  • Partners with development teams to reproduce, exploit, and remediate complex application vulnerabilities.

  • Supports penetration testing and offensive security initiatives by providing application-layer expertise, design review, and exploitability analysis.

  • Pay grade 17, range 120,446.2905-198,736.3793. Actual compensation will fall within the range but may vary based on factors such as experience, qualifications, education, location, licensure, certification requirements, and comparisons to colleagues in similar roles.

Minimum Qualifications

  • Bachelor's degree in Computer Science, Engineering, Information Systems, Cyber Security or a related field or an equivalent combination of education and experience.
  • 8-10 or more years of progressive experience with application security and offensive security protocols.
  • Demonstrated experience building or supporting secure coding and application security programs, including development and adoption of secure coding standards and patterns.
  • Demonstrated experience conducting manual application penetration testing or adversarial security assessments, with the ability to assess exploitability and real‑world impact.
  • Strong expertise in secure SDLC practices and embedding security controls into CI/CD pipelines and development workflows.
  • Deep understanding of web and API security, including OWASP Top 10 vulnerabilities, authentication, authorization, and data protection concepts.
  • Hands-on experience performing application threat modeling and security assessments, with the ability to translate findings into secure design recommendations.
  • Experience integrating and utilizing application security tooling (SAST, DAST, SCA) and guiding development teams on remediation.
  • Ability to apply a risk-based approach to vulnerability management, considering business impact, exploitability, and exposure.
  • Proven ability to collaborate with and influence development teams, providing actionable guidance and communicating security concepts to technical and non-technical stakeholders.

Our Commitment

Rooted in our Mission and Core Values, we honor the dignity of every person and recognize the unique perspectives, experiences, and talents each colleague brings. By finding common ground and embracing our differences, we grow stronger together and deliver more compassionate, person-centered care. We are an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other status protected by federal, state, or local law.

About the Company

Trinity Health

Trinity Health is one of the largest not-for-profit, faith-based health care systems in the nation. It is a family of 121,000 colleagues and nearly 36,500 physicians and clinicians caring for diverse communities across 27 states. Nationally recognized for care and experience, the Trinity Health system includes 101 hospitals, 126 continuing care locations, the second largest PACE program in the country, 136 urgent care locations and many other health and well-being services. In fiscal year 2023, the Livonia, Michigan-based health system invested $1.5 billion in its communities in the form of charity care and other community benefit programs.
COMPANY SIZE
10,000 employees or more
INDUSTRY
Healthcare Services
WEBSITE
https://jobs.trinity-health.org/search-results