Job Title

Senior Application Security ConsultantJoin to apply for the Senior Application Security Consultant role at CyberCX. Candidates experienced with Application Security including threat modelling, secure code review, and an understanding of frameworks such as the OWASP SAMM and NIST SSDF are strongly encouraged to apply.Applicants can work remotely; however core requisites are:Must have unrestricted work rights and be on a pathway to permanent residencyMust be currently based in Australia; cannot work from overseas for security reasonsCan work predominantly remotely or hybrid, but need to be within commutable distance of one of our national officesSupport in defining and executing the Application Security strategy and planning, focused on upskilling practices internally at CyberCX to create delivery specialists and identify new ways of delivering Application Security Services to clientsDeliver top Application Security services and STA services where required to a high standard, specifically those with large or complex testing requirementsBuild out and promote strong, longlasting relationships with a diverse range of customers, and identify and explore opportunities within existing and new customersAct as a subject matter expert and technical leader both within STA and externally across practice for Application Security servicesPrepare highquality reports detailing security issues, making recommendations, and identifying solutions, and lead presentations and discussions with customers around Application Security work performed, key results, strategies, processes recommendations and next steps/roadmap to successEngage with Customer Sales and Customer Solutions team in a presales capacity to assist with technical methodology aspects, costing scoping, standardised proposal methodologies, RFQs and tendersEnsure that KPIs around client expectation management, delivery deadlines, quality of work and deliverables etc are met, including maintaining visibility of project budget vs actual delivery time and flowing up deviationsLead, coach and build a high performing team as well as other members of external practices to enable learning, development, and capability upliftMeeting your utilisation targets and ensuring onbudget deliveryAssist the Managing Consultant AppSec to develop standardised methodologies, identify and build tools, and improve processesAssist with R&D, innovation, and practice improvement activities, under supervisionPreferred Qualifications, Experience & Skills3+ years of experience in application security services, penetration testing, and/or software development, including but not limited to the following:Conducting threat modelling exercises and design reviewsBuilding, supporting and implementing automated security testing toolsImplementing DevSecOps processes and managing CI/CD pipelinesConducting secure code reviews for various languages and frameworksPerforming Secure SDLC and Secure DevOps reviews against industry standards such as OWASP SAMM, BSIMM or DevSecOps maturity modelExperience with containerisation and Infrastructure as Code (IaC)Tertiary qualification in information systems, cyber security, software development or a similar field, or equivalent industry experienceExperience in cloud security and automated application deployment processesStrong stakeholder engagement and communication skills with an ability to build credibility with senior leaders and internal working teamsAbout CyberCXCyberCX is the leading independent cyber security services organisation in Australia and New Zealand. CyberCX is Australia''s greatest force of cyber security professionals. CyberCX has united the country''s most trusted cyber security companies to deliver the most comprehensive endtoend cyber security services offering to Australian enterprises and governments.We are cyber security experts first and foremost. We''re a unified team of highly qualified, certified and skilled professionals working together on the same mission: to protect and defend Australian organisations from cyber threats.We specialise in: Strategy & Consulting | Governance, Risk & Compliance | Security Testing & Assurance | Identity & Access Management | Network & Infrastructure Solutions | Managed Security Services | Cloud Security & Solutions | Digital Forensics & Incident Response | Cyber Capability, Education & TrainingNB. Due to Christmas Holidays all applicants will be reviewed week commencing 12th Jan.#J-18808-Ljbffr