Sr. Consultant Application Security Penetration Testing at Coalfire Systems

Posted in Security 16 days ago.

Location: Westminster, Colorado

Job Description:

Coalfire Systems

Coalfire is an EEO employer. We celebrate diversity and are committed to respecting one another, embracing individual differences, and creating an inclusive environment for all employees.

Sr. Consultant Application Security Penetration Testing


Job ID: 2021-3877
Type: Regular Full-Time
# of Openings: 1
Category: Penetration Testing
Westminster Office


Leading cloud infrastructure providers, SaaS providers, and enterprises turn to Coalfire for help solving their toughest cybersecurity problems. Through the combination of extensive cloud expertise, technology, and innovative and holistic approaches, Coalfire empowers clients to achieve their business objectives, use security and compliance to their advantage, and fuel their continued success. Coalfire has been a cybersecurity thought leader for 20 years and has offices throughout the United States and Europe.

At Coalfire the Threat and Vulnerability Management / Secure Product Development (TVM / SecPrd Dev) Business is composed of highly skilled security testers with a passion for enhancing system security postures. Our team members actively participate in the information security community and have released toolsets, blog posts, and whitepapers. Our team members train and present at numerous industry conferences, including BlackHat, DefCon, ShmooCon, BlueHat, DerbyCon, 44CON, and numerous BSides, covering offensive and defensive operations as well as the tools and capabilities we create and share. Come join an amazing technical security team which makes a difference in the information security industry and consistently pushes the limits of offensive and defensive security capabilities.

We’re growing rapidly and are currently seeking a Senior Consultant to support our AppSec Teams Remotely. #LI-Remote


The Sr. Consultant works closely with Project Managers, Delivery Directors, and other Delivery team members to lead engagements, assessing the security and compliance of various types of client applications and supporting infrastructure against regulatory and industry requirements and standards, as well as security best practice frameworks. The Sr. Consultant is a technical leader with broad and deep technical skills, meeting the objectives of their engagements, collaborating with clients, mentoring teammates, and providing subject matter expertise across one or more technical domains. The Sr. Consultant is a trusted advisor to clients, and through objective testing and results reporting, supports the client in making well-informed, risk-based decisions to improve overall security posture.

Senior Consultants continue to deepen their skills and broaden their impact, both internally at Coalfire and in the security community as a whole.

You will regularly:

  • Works independently and collaboratively with a team to both lead and support the following work activities, where skills apply:

    • Application Penetration Testing (Browser-based, API, Mobile, IoT)

    • Threat Modeling

    • Source Code Reviews

  • Advises clients on technical security or compliance activities

  • Manages priorities and tasks to achieve utilization targets.

  • Operates with professionalism both internally and with clients.

  • Ensures quality reports and services are delivered efficiently and on time.

  • Continues to develop professional skills with relevant industry specific certifications or training. Maintains strong depth of knowledge in the practice area.

  • Collaborates with project managers, quality management, sales and other delivery team members to drive customer satisfaction and meet project deliverables.

  • Escalates client and project-related issues to management in a timely manner to inform and engage the necessary resources to address the issue.

  • Contributes to thought leadership initiatives through blogs, conference speaking, and/or R&D functions.

  • Other duties as assigned

  • Primarily remote

  • Ability to travel up to 10% (potentially, and during normal circumstances)


  • Application penetration testing and assessment tradecraft and methodologies (including browser-based, API, thick client, and Mobile)

  • Strong working knowledge of at least two programming or scripting languages

  • Excellent verbal and written communication skills, including technical writing of assessment reports, presentations, and operating procedures.

  • Client-centric consulting with high level of collaboration.

  • Shows an aptitude for leadership both through practice maturation and by mentoring junior teammates.

  • Strong understanding of security principles, policies, and industry best practices.

  • Strong understanding of various compliance frameworks (PCI DSS, FedRAMP, HIPAA, etc.).

  • Minimum of 5 years’ experience in a consulting/professional services role

  • Minimum of 5 years’ experience in Application Security and/or Software Development

  • Experience testing against one or more IT security compliance frameworks, such as PCI, FISMA, HIPAA, FEDRAMP, or HITRUST

  • Familiarity with Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP), Software Assurance Maturity Model (SAMM), National Institute of Standards and Technology (NIST) Special Publications, and PTES (Penetration Testing Execution Standard).

Bonus Points

  • Software development/engineering

  • Cloud Service penetration testing tradecraft and methodologies across multiple service providers (e.g. AWS, GCP, etc.).

  • Mobile platform penetration testing tradecraft and methodologies across both widely-used platforms (iOS and Android).

  • Network/host-based penetration testing tradecraft and methodologies.

  • Cloud Service penetration testing specifically against AWS and GCP services

  • Mobile device and application penetration testing on both iOS and Android platforms

  • Red/Purple team operations

Why you'll want to join us

Our people make Coalfire great. We work together on interesting things and achieve exceptional results. We act as trusted advisors to our customers and are committed to client-focused innovation as well as innovation in the industries that we serve. Coalfire offers our people the chance to grow professionally with colleagues they like and respect while tackling challenges that stretch their minds and expand their skill sets. We’re connected by our desire to innovate and our goal of helping to make the world a more secure place.

Coalfire’s high energy, challenging, and fast-paced work environment will keep you engaged and motivated. Work-life balance is a core priority at Coalfire – we work hard and we play hard, and the two often overlap. We host family-friendly events and happy hours along with professional meetups and informal networking sessions, and we’re active in our communities. Plus, we offer great benefits, including:

  • Health, dental, and vision insurance with an employer contribution

  • Flexible paid time off (employees are encouraged to spend four weeks away from the office each year)

  • A generous 401(k) plan

  • Stock Appreciation Rights (SARs)

  • A corporate wellness program

  • Tuition reimbursement

  • A kitchen stocked with snacks, coffee, and tasty beverages (when we open offices again)

At Coalfire, equal opportunity and pay equity are integral to the way we do business. A reasonable estimate of the compensation range for this role is $86,000.00 to $148,000.00 based on national salary averages. The actual salary offer to the successful candidate will be based on job-related education, geographic location, training, licensure and certifications, and other factors. You may also be eligible to participate in annual incentive, commission, and/or recognition programs. #LI-GB1