Consultant - Threat (Application Security), REMOTE - Any US Location
- Denver, CO, USA
- Employees can work remotely
- Travel Required: 20 - 29%
At Optiv, we’re on a mission to help our clients make their businesses more secure. We’re one of the fastest growing companies in a truly essential industry.
In your role at Optiv, you’ll be inspired by a team of the brightest business and technical minds in cyber security. We are passionate champions for our clients, and know from experience that the best solutions for our clients’ needs come from working hard together. As part of our team, your voice matters, and you will do important work that has impact, on people, businesses and nations. Our industry and our company move fast, and you can be sure that you will always have room to learn and grow. We’re proud of our team and the important work we do to build confidence for a more connected world.
Optiv is a multi-disciplined consulting team with focus areas in network penetration, malware analysis, vulnerability research, hardware testing, operating system, mobile device, and application testing. The Application Security (AppSec) practice focuses on mobile and web application testing, and generally anything in Java, .NET, PHP or web/mobile frameworks. This position entails working closely with a client’s security team to operationalize and optimize automated testing solutions and CI/CD pipeline integration. The primary technological focus will be serving as a subject matter expert for Black Duck SCA and Checkmarx SAST scanning operations. Qualified candidates will demonstrate the ability to:
Work closely with the InfoSec team to:
- Triage results from Black Duck
- Work with the InfoSec team to resolve any integration issues in the pipelines
- Suggest remediations for reported issues
- Create documentation and presentations for security champions on the development team to explain the process used to triage results and work with Black Duck in general
- Work with security engineers, developers, and build engineers to properly configure Black Duck within various CI/CD pipelines
- Quickly compare Black Duck results to application source code to determine if the Black Duck build step is correctly configured
- Triage Checkmarx Results (and also help define the triage process)
- Document the triaging process for future reference and present the results to the product teams (review feedback from product teams and update the triaging process as needed)
- Help onboard applications and pipelines onto the on-premise Checkmarx installation
- Work with the InfoSec team to develop an onboarding checklist, exclusion folders, and rule presets for various types of applications for Checkmarx
- Review Checkmarx scan logs to monitor the performance of Checkmarx scans and suggest necessary changes to Checkmarx settings to improve the performance
- Work with developers to review application code to find exclusions
- Work with the InfoSec team to define the remediation policy (SLA for resolving vulnerabilities, reporting guidelines, issue tracking integration)
- Document remediation steps (recommendations) for Checkmarx findings
Skills we expect:
- Working knowledge of various package managers: Gradle, Maven, npm, Yarn
- Working knowledge of various CI/CD tools: GitLab CI, Bamboo, Jenkins
- Working knowledge of CVE, CVSS, and common vulnerability classes
- Ability to aggregate and present metrics on the results from Black Duck
- Able to demonstrate a comprehensive application testing methodology.
Why you’ll love it here:
If you are seeking a culture that supports growth, fosters success and moves the industry forward, find your place at Optiv! As a market-leading provider of cyber security solutions, Optiv has the most comprehensive ecosystem of security products and partners to deliver unparalleled services. Our rich and successful history with our clients is based on trust, serving more than 12,000 clients of varying sizes and industries, including commercial, government and education. We have the proven expertise to plan, build, and run successful security programs across Risk Management, Cyber Digital Transformation, Threat Management, Security Operations – Managed Services and Identity and Data Management. Optiv remains committed to championing Diversity, Equality and Inclusion within our organization and throughout the industry.
With Optiv you can expect:
- Work/life balance. We offer “Recharge,” a flexible time-off program that encourages eligible employees to take the time they need to recharge
- Professional training resources, including tuition reimbursement
- Creative problem-solving and the ability to tackle unique, complex projects
- Volunteer Opportunities. “Optiv Chips In” encourages employees to volunteer and engage with their teams and communities.
- The ability and technology necessary to productively work remote/from home (where applicable)
Optiv is an equal opportunity employer. All qualified applicants for employment will be considered without regard to race, color, religion, sex, gender identity, sexual orientation, national origin, status as an individual with a disability, veteran status, or any other basis protected by federal, state, or local law.