Principal Application Security Consultant Vulnerability Assessment

Job description

<p><p><b>Job Description :</b><br/><br/></p><p>Prudent Technologies and Consulting is seeking an experienced Principal Application Security Engineer to lead our rapidly expanding web application penetration testing services.<br/><br/></p><p>This senior-level position will play a critical role in advancing our offensive security capabilities, mentoring junior security consultants, and delivering high-value security assessments to our global client base.<br/><br/></p><p>The ideal candidate will combine technical expertise in web application security with leadership skills and client engagement experience to drive our security consulting practice forward.<br/><br/></p><p>As a Principal Application Security Engineer, you will serve as a technical leader within our offensive security practice, specializing in web application penetration testing methodologies.<br/><br/></p><p>You will lead complex security engagements, provide subject matter expertise to clients and internal teams, mentor junior security consultants, and contribute to the development of our service offerings.<br/><br/></p><p>This position requires a deep understanding of application security principles, extensive hands-on testing experience, and exceptional communication skills to translate technical findings into actionable business :</b></p><p><br/></p>- Lead complex web application penetration testing engagements for enterprise clients, ensuring delivery of high-quality assessments that meet or exceed client expectations.<br/><br/></p><p>- Serve as the principal security advisor to clients, translating technical findings into business context and providing strategic remediation guidance.<br/><br/></p><p>- Develop and enhance the organization's application security testing methodologies, incorporating industry best practices like OWASP and MITRE ATT&CK frameworks.<br/><br/></p><p>- Perform advanced manual testing to identify sophisticated vulnerabilities beyond the capabilities of automated tools, including business logic flaws, authentication bypasses, and authorization weaknesses.<br/><br/></p><p>- Conduct comprehensive threat modeling sessions with development teams to identify security risks early in the software development lifecycle.<br/><br/></p><p>- Lead code reviews to identify security vulnerabilities in client applications and provide remediation guidance.<br/><br/></p><p>- Create detailed technical reports and executive summaries that clearly articulate security findings, business impact, and prioritized remediation recommendations.<br/><br/></p><p>- Mentor junior security consultants, providing technical guidance and contributing to their professional development.<br/><br/></p><p>- Collaborate with sales teams to scope complex engagements, participate in pre-sales activities, and support business development efforts.<br/><br/></p><p>- Contribute to research initiatives that enhance the company's security testing capabilities and industry reputation.<br/><br/></p><p>- Evaluate emerging tools and technologies to improve the efficiency and effectiveness of security testing Qualifications :</b></p><p><br/></p>- 5 to 8+ years of professional experience in application security, with a strong focus on web application penetration testing.<br/><br/></p><p>- Demonstrated expertise in identifying, exploiting, and documenting complex web application vulnerabilities following OWASP methodologies.<br/><br/></p><p>- Proficiency with industry-standard penetration testing tools including Burp Suite Professional, DAST scanners, and other exploitation frameworks.</p><p><br/></p><p>- Experience leading security assessments across diverse technologies and environments including web applications, APIs, cloud services (AWS, Azure, GCP), and modern web frameworks.<br/><br/></p><p>- Strong understanding of secure coding practices, common vulnerability patterns, and remediation strategies across multiple programming languages and frameworks.<br/><br/></p><p>- Exceptional technical writing skills, with the ability to produce clear, concise, and compelling security assessment reports for both technical and executive audiences.<br/><br/></p><p>- Proven ability to build trusted relationships with clients and effectively communicate complex security concepts to technical and non-technical stakeholders.</p><p><br/></p><p>- Experience mentoring junior security professionals and leading technical Qualifications :</b></p><p><br/></p>- Bachelor's degree in computer science, cybersecurity, or related technical field.<br/><br/></p><p>- Good to have advanced security certifications such as OSWE, GWAPT, GPEN, OSCP, or equivalent industry recognitions.<br/><br/></p><p>- Experience developing custom tools or scripts to automate aspects of penetration testing using Python, Go, or similar languages.<br/><br/></p><p>- Prior software development experience that informs a deep understanding of modern application architectures and development practices.<br/><br/></p><p>- Contributions to the security community through published research, CVE discoveries, open-source tool development, or conference presentations.<br/><br/></p><p>- Experience with mobile application security testing (iOS and Android) and API security assessment methodologies.<br/><br/></p><p>- Knowledge of cloud security architecture and specialized cloud service penetration testing techniques.<br/><br/></p><p>- Experience with AI/ML system security evaluation and testing :</b></p><p><br/></p>- Direct work experience performing application penetration testing assessments; ability to begin testing immediately with guidance on Prudents specific approach and methodology.<br/><br/></p><p>- Bachelor's degree in computer science, cybersecurity, or related technical field.</p><br/></p> (ref:hirist.tech)

Required Skill Profession

Computer Occupations