Fusion HCR is hiring an AppSec/DevSecOps Expert for a direct hire, remote opportunity with a leader in the managed security space.
The Application Security (AppSec) and Development Security Operations (DevSecOps) Expert will be a crucial member of our client's Security Services business, driving AppSec and DevSecOps capabilities. The potential candidate will be a trusted advisor to our Fortune 500 clients and a security expert who can speak to "secure by design" concepts, secure application development methodologies, and communicate recommendations and program enhancements to technical and leadership/executive audiences. The Expert will be focused on and have in-depth knowledge of Application Security, complemented by general security knowledge across domains and competencies.
Working directly with customers to understand their strategic initiatives and the challenges that come in protecting custom and commercial off-the-shelf (COTS) applications, the Expert will help the Practice lead in developing a capabilities framework for the Practice area. The Expert will help mature our capabilities, including the creation of staffing and hiring plans (people), development of viewpoints and sales collateral, delivery templates and procedures (process), and alignment of technology and vendor partners (technology). This role will help the sales team understand customer challenges and translate those needs into proposals and Security engagements. The Expert will lead AppSec/DevSecOps teams and deliver Practice-aligned projects as sold.
AppSec/DevSecOps capabilities would include concepts such as Secure-by-Design, DevSecOps, Secure Software Development Lifecycle (S-SDLC), Threat Modeling, Requirements Gathering, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Penetration Testing, Code Remediation, and other capabilities as identified by the Practice Leader.
Role Skill / Experience Requirements:
- Develop capabilities for the AppSec/DevSecOps Security Practice Areas, including the definition of capabilities, development of sales collateral, creation of delivery methodologies and templates, identification of supporting technologies and partners, and training and hiring plans for the Practice.
- Deliver AppSec/DevSecOps projects and/or manage delivery teams within the scope of the capabilities defined for the Practices and the customer-signed SOWs.
- Develop AppSec/DevSecOps teams while balancing utilization and pipeline metrics.
- Drive the sales and capture activities for AppSec/DevSecOps capabilities and identify opportunities to deliver all of our client's security offerings. Drive the bookings of $1M in AppSec/DevSecOps Capabilities.
- Develop proposals and Statements of Work (SOWs) to deliver AppSec/DevSecOps projects as discussed and scoped with the customer.
- Produce marketing materials highlighting AppSec/DevSecOps offerings such as point of view documents, blog posts, YouTube videos, conference presentations, etc.
- Mentor staff and encourage our culture.
Preferred Skills / Experience Requirements:
- 8+ years of relevant professional work experience
- 6+ years of experience working in a Cybersecurity role
- 4+ years of prior Cybersecurity consulting experience
- 4+ years of experience directly managing, supporting, and implementing AppSec/DevSecOps programs and technology
- Expert knowledge and hands-on experience with Application Security Program Assessments and Maturity Scoring, Vulnerability Assessments, Risk Assessments, SDLC process improvement, and Threat Modeling.
- Ability to and prior experience working with customers to identify project requirements, develop proposals, scope projects, and develop SOWs
- Ability to build long-lasting relationships with customers
- Ability and willingness to mentor and grow junior staff.
- Understanding of common security frameworks such as NIST, ISO, COBIT, etc.
- Experience in OWASP TOP 10 vulnerabilities, BSIMM, open-source tools, and coding methodologies
- Bachelor’s Degree in a relevant field or equivalent experience
- Speak and understand English fluently
- Big 4 / Top Tier Management Consulting experience
- Familiarity with vulnerability scanning tools (e.g., Qualys, Nessus, Nexpose, Saint)
- Familiarity with web application vulnerability scanning tools (e.g., IBM AppScan, HP WebInspect, Acunetix, NTOSpider, Burp Suite Pro)
- Familiarity with static analysis tools (e.g., IBM AppScan Source, HP Fortify)
- Familiarity with interactive and automated penetration testing
- Familiarity with Containers and the implications of migrating applications to the Cloud
- MBA or Master’s Degree in a related field or equivalent experience
- Certified Information Systems Security Professional (CISSP) or similar technical cybersecurity certifications
- Project Management Professional (PMP) or comparable work experience
- Located in Phoenix, AZ; San Diego, CA; Dallas, TX; Minneapolis, MN; Atlanta, GA