Summary: The Cloud Application Security Consultant role is a fully remote position focused on enhancing application security through offensive and defensive strategies. The consultant will leverage their expertise in SAST and SCA tools, manage vulnerability lifecycles, and collaborate with engineering teams to ensure secure coding practices. The position requires a strong understanding of cloud environments, particularly AWS, and the ability to communicate cybersecurity requirements effectively across various stakeholders.
Key Responsibilities:
- Utilize SAST and SCA tools for vulnerability management and triage.
- Understand and remediate OWASP Top Ten and other web/API vulnerabilities.
- Secure AWS cloud environments and operate cloud-native security platforms.
- Conduct secure code reviews and validate findings from security tools.
- Collaborate with development teams to drive security remediation efforts.
- Manage change and release governance processes in production environments.
- Represent cybersecurity requirements to technical and business stakeholders.
- Integrate security practices within agile methodologies and CI/CD pipelines.
Key Skills:
- 3+ years of application security experience.
- Hands-on expertise in SAST and SCA tools like Checkmarx and Snyk.
- Strong understanding of web and mobile application development.
- Experience securing AWS environments and using cloud security platforms.
- Ability to read and reason about code in languages such as Node.js, JavaScript, Java, or Python.
- Strong project management and communication skills.
- Familiarity with DevSecOps practices and agile methodologies.
- Experience with security threat intelligence sources.
Salary (Rate): undetermined
City: undetermined
Country: undetermined
Working Arrangements: remote
IR35 Status: undetermined
Seniority Level: undetermined
Industry: IT
Role: Cloud Application Security Consultant
Location: fully remote
Duration: 6+ Months
35 hours per week
W2 role
Description:
- 3+ years of offensive and defensive application security experience with demonstrated hands-on expertise in SAST and SCA tools such as Checkmarx and Snyk, including findings triage, ruleset tuning, and managing the vulnerability lifecycle across enterprise environments
- Strong understanding of OWASP Top Ten and broader web and API vulnerabilities, including practical remediation techniques within enterprise environments
- Knowledge of web and mobile application development and deployment methodologies
- Hands-on experience securing AWS cloud environments, including Lambda, API Gateway, IAM, and S3, with experience operating cloud-native security platforms such as Orca Security, Wiz, or Prisma Cloud to surface and remediate risk across workloads and infrastructure
- Ability to read and reason about code in languages such as Node.js, JavaScript, Java, or Python, sufficient to perform meaningful secure code review, validate SAST/SCA findings, and collaborate credibly with engineering teams on remediation
- Experience working with change management and release governance processes within production environments
- Strong project management and communication skills with the ability to represent cybersecurity requirements across technical and business stakeholders
- Solid understanding of agile methodologies, DevSecOps practices, and CI/CD pipeline integration
- Familiarity with security threat intelligence sources and how they inform application-layer defenses
- Experience partnering with development teams to drive security remediation by running working sessions, building runbooks, and supporting secure coding adoption through a developer-first engagement model