Application Security Consultant, DevSecOps

- 3+ years of offensive and defensive application security experience with hands-on expertise in SAST and SCA tools like Checkmarx and Synk, including findings triage, ruleset tuning, and managing vulnerability lifecycle across enterprise environments - Strong understanding of OWASP Top Ten and broader web and API vulnerabilities, including practical remediation techniques within enterprise settings - Knowledge of web and mobile application development and deployment methodologies - Hands-on experience securing AWS cloud environments such as Lambda, API Gateway, IAM, and S3, including operating cloud-native security platforms like Orca Security, Wiz, or Prisma Cloud to identify and remediate risks - Ability to read and analyze code in languages such as Node.js, JavaScript, Java, or Python - Capability to perform meaningful secure code reviews, validate SAST/SCA findings, and collaborate effectively with engineering teams for remediation - Experience with change management and release governance processes in production environments - Strong project management and communication skills, effectively representing cybersecurity requirements to technical and business stakeholders - Solid understanding of agile methodologies, DevSecOps practices, and CI/CD pipeline integration - Familiarity with security threat intelligence sources and how they inform application-layer defenses - Experience collaborating with development teams to drive security remediation, conducting working sessions, and supporting secure coding adoption through a developer-first approach