Security Consultant

Cigital, Inc. headquartered in Dulles, Virginia (just outside of Washington, D.C.), is the world’s largest consulting firm specializing in software security and is the global leader in helping organizations design, build, and maintain secure software. Our unique expertise, product technologies, and training services are a culmination of over twenty years of research and thousands of successful software security consulting engagements at leading public and private organizations throughout the world.

We provide a comprehensive range of software security services including consulting, training in both instructor-led and eLearning, mobile application security, and cloud services aimed at addressing the potential security risks associated with third-party or outsourced software. Whether it’s a simple penetration test or deploying an end-to-end software security program, our expert consultants have both the depth of knowledge and breadth of real-world experience to understand the risks and challenges our clients face each day.

Cigital was established in 1992 with funding and contracts from DARPA and NASA. The creation of Cigital Labs Research in the mid 1990’s resulted in some of the most important advancements in software security including the development of the first ever commercial Static Analysis tool, ITS4. The technology in this product was eventually licensed to Kleiner Perkins and used as the basis for the creation of Fortify Software in 1999. Fortify went on to become the global leader in the Static Analysis tool marketplace and was sold to Hewlett Packard in 2010. Cigital Labs has been awarded 8 different patents in areas dealing with software security. 

As Cigital engages with clients in the application of our software security improvement methodologies, the Security Consultant joins in the execution and delivery of planned project deliverables and milestones that assist clients in learning, understanding, and applying Cigital's secure software development methodologies. The Security Consultant typically has task responsibility within one project and develops the capability to perform tasks within one or more of Cigital's security practices. The Security Consultant continuously learns and expands his/her technical competence. Security Consultants do some work from the office, but often go on site to help customers exterminate the bugs and untangle the flaws that make their systems insecure. Our Security Consultants make themselves and their team indispensable advisors to our customers: they build the relationships that help create and identify follow-on assignments.

The ideal candidate will possess expertise in several of the following areas:

Code Review

Software/Application Penetration Testing

Architecture Security Analysis and Threat Modeling

Secure Software Design, Architecture, and Engineering

Software/Application Reverse Engineering

Red Team Analysis (including network, wireless, physical, and social engineering techniques)

Database Security

• Technical Skills

o Familiarity with software security weakness, vulnerability and secure code review a plus

o Familiarity with software attack and exploitation techniques a plus

o Familiarity with at least one software programming language and framework a plus

o Experience with C/C++, .NET, Java, multiple OS and RDBMS

o Experience with other languages (e.g. JavaScript, Python, Ruby, PHP, Perl, COBOL, SQL, or Assembly) (Desired)

o Experience conducting secure code review a plus

o Experience conducting reverse engineering a plus

o Experience performing web application penetration testing a plus

• Consulting skills

o Ability to interface with clients, utilizing consulting and negotiating skills

o Ability to undertake and complete tasks independently, meet schedules and delivery timelines, and to move swiftly from concepts and theory to action

• Team-oriented skills

o Ability to collaborate with project team members, take direction from the project lead and execute tasks consistently

• Project Management

o Awareness of end-to-end project management life-cycle including planning, execution and closeout

• Communication

o Written communication skills for use in preparing formal documentation, Statements of Work, proposals, white papers, and case studies

o Verbal skills that include the ability to clearly articulate thoughts and to deliver presentation and training to all levels of management

o Ability to persuade

• Demeanor

o Enthusiasm and commitment along with professional interpersonal skills and an entrepreneurial drive

o Willingness to travel 40-60%

Education and Certifications:

Top graduate in Computer Science, Engineering, Math or related field

Compensation & Work Location:

Cigital is based in Dulles, Virginia, with offices in Amsterdam, Atlanta, Bloomington, Boston, Chicago, Dallas, London, New York, Dallas, San Diego, Santa Clara, Seattle, and works with clients worldwide. We offer a competitive salary, equity compensation, and benefits.