About the job Application Offensive Security Consultant

Job Overview:
We are seeking an experienced Application Offensive Security Consultant to join our Application Security team. In this role, you will contribute to our Technology Risk initiative by performing offensive security assessments on applications and providing subject matter expertise (SME) guidance to key projects. The ideal candidate has a strong background in application security testing, red teaming, and manual security testing, along with a passion for hands-on work and application defense.

Key Responsibilities:

  • Conduct red team assessments against applications and APIs.
  • Perform application threat hunting to evaluate risks.
  • Perform manual (non-automated) security testing of applications.
  • Deliver vulnerability information in a predefined report format after manual testing using security tools and techniques.
  • Generate and summarize assessment reports to facilitate remediation.
  • Provide SME guidance and respond to security engineering questions related to application defense enhancements.
  • Collaborate with security architects, product managers, risk managers, and other teams to ensure high-quality outcomes.

Required Skills & Experience:

  • Minimum 6 years of experience in application security testing.
  • At least 4 years of experience in conducting red teaming engagements.
  • Proficiency in application security testing tools such as Burp Suite Professional and OWASP ZAP.
  • Strong ability to perform manual security testing and leverage living-off-the-land strategies.
  • Deep understanding of vulnerabilities in the OWASP Top 10 and SANS Top 25 and the ability to explain them to a wide range of audiences.
  • Knowledge of MITRE ATT&CK Framework and adversarial methodologies.
  • Capability to bypass security controls and test countermeasures for misconfigurations.
  • Strong multitasking abilities and the capability to perform well under pressure.

Certifications (Preferred but not Required):

  • OSCP (Offensive Security Certified Professional), GWAPT, or equivalent certifications in offensive security/red teaming.

Additional Notes:
This is not a typical penetration testing role; it extends beyond traditional pen-testing responsibilities. Instead, it focuses on manual application testing and security assessments that align with real-world adversarial scenarios. Candidates who enjoy Capture The Flag (CTF) competitions and have a strong hands-on approach to security will thrive in this position.

Education:

  • Bachelor's Degree or equivalent experience