Employment Type:

Full time

Shift:

Description:

The primary responsibility of the Consultant Applications and Offensive Security is to design, build, and operationalize a Secure Coding Center of Excellence (CoE). This role will partner with development teams to embed security into the software development lifecycle, standardize secure coding practices, and improve the organization’s ability to prevent vulnerabilities at scale.This position influences development teams, drives adoption, and delivers measurable risk reduction.

The primary responsibility of the Consultant Applications and Offensive Security is to design, build, and operationalize a Secure Coding Center of Excellence (CoE). This role will partner with development teams to embed security into the software development lifecycle, standardize secure coding practices, and improve the organization’s ability to prevent vulnerabilities at scale.This position influences development teams, drives adoption, and delivers measurable risk reduction.

• Designs, develops, and supports the implementation of a Secure Coding Center of Excellence (CoE), including operating model, standards, and governance.

• Embeds secure development lifecycle (SDLC) practices into development processes by integrating security controls into CI/CD pipelines and developer workflows.

• Develops, documents, and promotes adoption of enterprise secure coding standards and patterns across multiple development teams and technology stacks.

• Performs platform application security assessments and threat modeling to identify design weaknesses and exploitable conditions.

• Provides clear, actionable remediation guidance to development teams, translating security findings into practical development fixes.

• Drives adoption of secure coding practices by partnering with development, product, and DevOps teams and influencing design and development decisions.

• Implements and optimizes application security tooling and augment automated results with manual and adversarial testing where tooling falls short.

• Develops and delivers role-based secure coding training and developer enablement programs, including support for security champions initiatives.

• Analyzes vulnerability data and application risk to support risk-based prioritization and reduction of systemic weaknesses.

• Defines, tracks, and reports on application security metrics and KPIs, including vulnerability trends, remediation timelines, and defect recurrence.

• Advises stakeholders on alignment with industry frameworks and standards (e.g., NIST CSF, Zero Trust, OWASP) and supports audit and compliance requirements.

• Contributes to continuous improvement of application security practices by identifying opportunities to standardize, automate, and scale controls across the enterprise.

• Collaborates cross-functionally with security, architecture, development, and operations teams to drive consistent and sustainable security practices.

• Performs manual application security testing, including deep-dive code-assisted analysis and adversarial testing techniques, to identify exploitable vulnerabilities beyond automated tooling.

• Validates the effectiveness of secure coding standards and SDLC controls through offensive testing and exploitation-driven analysis.

• Partners with development teams to reproduce, exploit, and remediate complex application vulnerabilities.

• Supports penetration testing and offensive security initiatives by providing application-layer expertise, design review, and exploitability analysis.

• pay grade 17 range 120,446.2905-198,736.3793  Actual compensation will fall within the range but may vary based on factors such as experience, qualifications, education, location, licensure, certification requirements, and comparisons to colleagues in similar roles.

Minimum Qualifications

• Bachelor’s degree in Computer Science, Engineering, Information Systems, Cyber Security or a related field or an equivalent combination of education and experience.
• 8-10 or more years of progressive experience with application security and offensive security protocols.
• Demonstrated experience building or supporting secure coding and application security programs, including development and adoption of secure coding standards and patterns.
• Demonstrated experience conducting manual application penetration testing or adversarial security assessments, with the ability to assess exploitability and real‑world impact.
• Strong expertise in secure SDLC practices and embedding security controls into CI/CD pipelines and development workflows.
• Deep understanding of web and API security, including OWASP Top 10 vulnerabilities, authentication, authorization, and data protection concepts.
• Hands-on experience performing application threat modeling and security assessments, with the ability to translate findings into secure design recommendations.
• Experience integrating and utilizing application security tooling (SAST, DAST, SCA) and guiding development teams on remediation.
• Ability to apply a risk-based approach to vulnerability management, considering business impact, exploitability, and exposure.
• Proven ability to collaborate with and influence development teams, providing actionable guidance and communicating security concepts to technical and non-technical stakeholders.

Our Commitment

Rooted in our Mission and Core Values, we honor the dignity of every person and recognize the unique perspectives, experiences, and talents each colleague brings. By finding common ground and embracing our differences, we grow stronger together and deliver more compassionate, person-centered care. We are an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other status protected by federal, state, or local law.