
This job has expired

Security Consultant (Secure Code Review) - remote

Employer: NetSPI
Location: Minneapolis
Salary: Competitive


NetSPI is a fast-growing, dynamic cyber security company headquartered in the North Loop of Minneapolis. As one of the top penetration testing and vulnerability management companies, we are continually growing, and we pride ourselves on keeping current and cutting-edge in everything we do. If you thrive in an energetic setting working with leading-edge technology, we want to meet you!


NetSPI is seeking Security Consultants at varying levels for our secure code review practice. These individuals will primarily serve as a resource for delivery of client assessment services and contribute to practice development. This position requires an understanding of technology, enterprise security and risk management. In addition, it requires experience with application security assessments/testing, as well as demonstrated competencies in problem solving, client service, written/verbal communication and project execution.


Primary Duties:

  • Deliver secure code review assessments on programming languages such as Java, C#, PHP, Python, Perl, C/C++, SQL, JavaScript (Node, React, Angular) and Go
  • Analyze and identify security vulnerabilities in source code using both automated and manual static analysis tools and techniques
  • Train and assist developers in writing secure software and remediating existing vulnerabilities
  • Develop and review custom vulnerability description, business impact and remediation content
  • Develop, research and recommend open source tools assisting in secure code review
  • Contribute to development and delivery of secure coding and remediation training
  • Recommend best practices to integrate and automate application security testing in the SDLC


Basic Qualifications:

  • 2+ years of experience in application security including secure code review, web application penetration testing or threat modelling
  • 2+ years of experience in secure code review / static application security testing (SAST)
  • Detailed understanding of the OWASP Top 10 and CWE Top 25 issues, with a focus on the ability to identify and remediate vulnerabilities in source code
  • Ability to explain the risk and business impact of security vulnerabilities in source code to a variety of audiences
  • High standards of ethics, integrity and professionalism
  • Bachelor's degree with a focus in IT, Computer Science, Engineering or Math
  • Able to travel up to 25%


Preferred Qualifications:

  • Experience in detecting, analyzing and providing remediation guidance on security vulnerabilities in at least two of the following languages: Java, C#, PHP, Python, Perl, C/C++, SQL, JavaScript (Node, React, Angular), Go
  • Hands-on experience conducting security-focused static analysis using commercial SAST tools such as Checkmarx, AppScan Source, Veracode, Coverity, Fortify and SonarQube
  • Experience in software development in at least one server-side programming language
  • Experience in integrating static application security tools in a CI/CD environment
  • Master's degree in IT, Computer Science, Engineering or Math


This position may be located in Minneapolis, MN, Portland, OR, or remote in the US.
