Information Systems Consultant III, Application Security

In addition to responsibilities listed below, this position is responsible for reviewing application source code for potential security vulnerabilities under the guidance of more senior application security consultants by performing manual and automated security testing on applications in a running state (DAST); working with DevOps teams to integrate application security services; training DevOps personnel and developers to use application security tools; working one-on-one with developers to help them understand security vulnerabilities at hand and to identify/suggest remediation plans; and recommending application security training paths.

This also includes responsibility for protecting applications in production by enrolling them for continuous assessment of existing and emerging threats, evaluating web application firewalls; tuning WAF rules; reviewing alerts; and identifying issues as appropriate.

• Completes work assignments by applying up-to-date knowledge in subject area to meet deadlines; following procedures and policies, and applying data and resources to support projects or initiatives; collaborating with others, often cross-functionally, to solve business problems; supporting the completion of priorities, deadlines, and expectations; communicating progress and information; identifying and recommending ways to address improvement opportunities when possible; and escalating issues or risks as appropriate.


• Pursues self-development and effective relationships with others by sharing resources, information, and knowledge with coworkers and customers; listening, responding to, and seeking performance feedback; acknowledging strengths and weaknesses; assessing and responding to the needs of others; and adapting to and learning from change, difficulties, and feedback.


• Effectively communicates investigative findings to non-technical audiences.


• Works with technology risk teams and business stakeholders to respond to and remediate identified issues, and determine the best approach for improving security posture.


• Provides recommendations to team or department leadership on how to remediate issues identified through security testing processes.


• Identifies the impact of security test plans on upstream and downstream solution components.


• Follows established processes to ensure KPI goals are obtained and performance metrics are tracked on an ongoing basis.


• Supports continuous process improvement by participating in the development, implementation, and maintenance of standardized security tools, templates, and processes across assigned business domain(s).


• Performs security test data analysis in support of security vulnerability assessment processes, including root cause analysis.


• Executes the vulnerability assessment and penetration testing plan, methodologies, and standard processes for moderately complex technology initiatives across multiple IT domains by analyzing business and technology requirements.


• Researches and stays abreast of industry trends, emerging threats, best practices, and cutting edge techniques to creatively discover and exploit vulnerabilities, and recommend security solutions for technology systems.


• Generates scheduled reports (e.g., status updates, risk assessment reports, remediation reports) and provides regular security metrics to IT teams as appropriate.