Education: Bachelor's degree required.
Security Expertise:
Deep familiarity with OWASP Top 10 and other security concerns for web applications.
Deep understanding of OWASP Application Security Verification Standards (ASVS).
In-depth understanding of SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), and SCA (Software Composition Analysis) scanning practices.
Tools and Experience:
Experience using Veracode, Appscan, or other enterprise security tools for scanning.
Understand how to interpret and assess CVEs (Common Vulnerability and Exposures) and CWEs (Common Weakness Enumeration) found by scanning tools.
Familiarity with secret management systems integration.
Technical Expertise:
Advanced knowledge of front-end and back-end web application development in at least one technology stack: .NET, Java, PHP, Ruby/Rails, Angular, Node.js, etc.
Proven track record of staying up-to-date with trends, tools, and processes improving security posture.
Documentation & Communication:
Strong documentation skills and technical writing abilities.
Excellent verbal and written communication skills, English proficiency required.
Ability to communicate, collaborate, and present effectively across diverse teams.
Team-Oriented: Ability to work in a fast-paced, dynamic environment while producing high-quality work.

Perform SAST, SCA, and DAST scans using industry standard vulnerability scanners.
Use Veracode for SAST/SCA scanning, configuring the scan platform for correct identification of static code CWE and SCA derived CVEs. This includes coordinating with the app owner to ensure all code branches are included in the compiled binary.
DAST process includes crawling the target application to identify the directory and file structure, followed by executing DAST scans using HCL product to identify dynamic issues visible only during code execution.

Application Security Consultant