  • Principal Security Consultant

    Job Description

    About the Role


    The Principal Security Consultant is the technical lead for application security software and thought leadership for people and process assessment and delivery. The Principal Security Consultant will partner closely with delivery management and the Sales teams in engaging customers and delivering both on-site and remotely.


    The Principal Security Consultant will:

    • Lead Delivery Engagements: as the senior resource for engagements, the Principal will assist in setting and managing customer expectations and ensure delivery quality
    • Deliver SDLC Maturity Assessments: assess customers' SDLC security practices and provide expert guidance for increasing maturity and lowering risks
    • Secure SDLC Program Build: lead transformation program builds improving customer application security processes through increased maturity
    • Business Development: support sales efforts by briefing key customer representatives, presenting practice services, developing customer proposals, and developing and delivering statements of work (SoW)
    • Service Offering Development: assist the management team in researching new potential service offerings and the development of delivery and documentation
    • Intellectual Property (IP): develop IP for internal knowledge as well as customer delivery


    Education and Experience Required:

    • Bachelor's degree in Information Security and Assurance or related field
    • 2+ years consulting management experience
    • 5+ years working within the information security field within a professional services team
    • 7+ years developing software in Java, .Net, or C/C++


    Skills and Knowledge Required:

    • Hands-on experience working in a DevOps environment
    • Great customer service skills
    • Executive-level technical writing skills
    • Executive-level oral communication skills
    • Willing and able to travel up to 50% of the time
    • Thorough understanding of the Software Development Lifecycle
    • Working experience performing security assessments: static, dynamic, and mobile


    Additional Desired Experience:

    • Professional certification in one or more of the following: CISSP, CSSLP, GCPM, GSEC, GSSP-Java, GSSP-.NET, GWEB, PMP, PMI-ACP, PMI-RMP
    • Working knowledge of key security technologies (Application Security, Data Encryption, Identity and Access Management, and SIEM)
    • Hands-on experience developing proposals and statements of work
    • Familiarity with frameworks such as OWASP Software Assurance Maturity Model (SAMM), NIST SP 800-64 rev 2, Microsoft Secure