NetSPI
Senior Security Consultant (Secure Code Review)
NetSPI, Minneapolis, Minnesota, United States, 55400
NetSPI® is an award‑winning pioneer of Penetration Testing as a Service (PTaaS) with its AI‑powered platform supported by more than 350 in‑house cybersecurity experts. Specializing in 50+ pentest types, attack surface visibility, vulnerability prioritization, and attack simulation, NetSPI delivers security testing with unprecedented clarity, speed, and scale. NetSPI is on an exciting growth journey as we disrupt and improve the proactive security market. We are looking for individuals with a collaborative, innovative, and customer‑first mindset to join our team. Learn more about our award‑winning workplace culture and get to know our A‑Team at www.netspi.com/careers.
NetSPI is seeking a Senior Security Consultant who will serve as a resource for delivery of secure code review and web application penetration assessments. This position requires an understanding of various web technologies, enterprise secure development and risk management. In addition, it requires experience with application security assessments/testing, as well as demonstrated competencies in problem solving, client service, written/verbal communication, and project execution.
Responsibilities
Conduct in-depth penetration testing and secure code review assessments on web applications
Dynamically exploit vulnerabilities found in the codebase and correlate insecure coding practices with dynamic application vulnerabilities
Deliver secure code review assessments for programming languages such as Java, C#, Python, C/C++, Perl, PHP
Analyze and identify security vulnerabilities in source code using both automated and manual static analysis tools and techniques
Train and assist developers in writing secure software and remediating existing vulnerabilities
Provide oversight to peers on service lines through the QA process
Mentor and assist team members in effectively delivering assessments and enhancing skillsets
Present detailed penetration test findings to clients and assist in remediation planning
Engage in research to develop new penetration testing methods, tools, and innovative exploit techniques
Contribute to the cybersecurity community through tools, presentations, white papers, and blogging
Maintain consistency with other internal requirements related to day‑to‑day administration tasks (time keeping, status updates to clients)
Minimum Qualifications
Minimum of 3‑5 years of experience in application security including both secure code review and web application penetration testing
Exceptional familiarity with all Burp Suite functions. Published Burp extensions and ability to create new Burp Suite extensions preferred
Detailed understanding of the OWASP Top 10 and CWE Top 25 issues, with a focus on the ability to identify and remediate vulnerabilities in source code
Ability to explain the risk and business impact of security vulnerabilities to a variety of audiences
Bachelor’s degree or higher, preferably in Computer Science, Engineering, Mathematics, IT, or a related field; equivalent experience will also be considered.
Willingness to travel up to 25%
Preferred Qualifications
Ability to provide technical and QA oversight on Web Application Penetration Testing and Secure Code Review service lines.
Experience in detecting, analyzing and providing recommendation guidance on security vulnerabilities using SAST and/or manual secure code review in at least two of the following languages: Java, C#, PHP, Python, C/C++
Experience in software development in at least one server‑side programming language
We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status or any other characteristic protected by law.
Seniority level
Mid‑Senior level
Employment type
Full‑time
Job function
Information Technology
Industries
Computer and Network Security