Senior Application Security Consultant (IS Consultant IV)

About the role

The Senior Application Security Consultant drives secure software development practices across the organization. You will work closely with DevOps, developers, product owners, and external vendors to embed security throughout the Software Development Life Cycle.

Key responsibilities

• Perform manual and automated security testing (DAST, SAST, OSCA) on running applications and source code.
• Integrate application security tools into CI/CD pipelines and train DevOps teams on their use.
• Conduct one‑on‑one code reviews, threat modeling, and security architecture reviews.
• Manage continuous assessment of production applications, tune web application firewall (WAF) rules, and respond to security alerts.
• Provide remediation guidance and develop secure coding standards for diverse technical teams.

Required profile

• Advanced programming experience in Java, Python, Swift or similar languages.
• Hands‑on expertise with application security tools such as Checkmarx, Black Duck, NowSecure, Burp Suite, Sonatype or comparable solutions.
• Proven ability to lead security assessments, threat modeling, and third‑party application reviews.
• Strong communication skills to articulate risk and recommendations to developers, vendors, and executives.

Required skills

• Java
• Python
• Swift
• Checkmarx
• Black Duck
• NowSecure
• Burp Suite
• Sonatype
• SAST
• DAST
• Open Source Component Analysis (OSCA)
• Web Application Firewall (WAF) tuning