This position will be fully remote and can be hired anywhere in the continental U.S.

Optiv's Application Security and Threat Management group is a multi-disciplined consulting team with focus areas on network penetration, malware analysis, vulnerability research, hardware testing, operating system, mobile device, and application testing.

The Principal Consultant-Tech Lead will be pivotal to problem definition and discovery of the overall solution and guide teams on project processes, deliverables. This individual will drive the technical relationship with our customers and partners by providing advanced architecture, implementation and operational support.

The majority of work is remote (some travel required) and can be hired anywhere in the continental U.S.

• Provide technical support and lead a team performing detailed analysis of a client's entire SDLC through a security lens. This is accomplished by evaluating the client's existing policies, procedures, practices, and standards and conducting in-depth client interviews.
• Lead the presentation of the detailed assessment of SDLC analysis to client's and guide them on where and how to improve their current SDLC so the software they create is developed more secure by default. You will be working with various levels within an organization from developers to the C-suite.
• Work with customers to help them articulate their business requirements and how those requirements translate into security features and functionality.
• Architect solutions to ensure that the customer's risk transformation requirements are met.
• Assist with development of cyber engagement plans for customers which will enable them to execute upon strategies.
• Rationalize different security solutions against requirements, risk, and constraints.
• Undertake Threat, Vulnerability and Risk analysis methodologies/techniques and the interpretation/application of their output in the definition of Security Architectures.
• Recognized expert across multiple solution areas
• Able to deliver and lead other consultants in complex projects
• Contributor to industry groups and/or publications

• Demonstrate competency in application security governance including strategy, metrics, policy, compliance, and security education

• Demonstrate competency in secure application design including threat assessment, security requirements, and secure architecture
• Demonstrate competency in secure software development including DevSecOps, the build & deployment process, and defect management
• Demonstrate competency in application security testing, architectural analysis, and the CICD pipeline
• Demonstrate competency in secure application operations including incident management, environment hardening, and secure operations
• Practical experience in development, architecture, and application security
• 10-15 years of related work experience.
• 8-10 years of technical architecture experience
• 5+ years prior software development experience is required
• 3+ years prior consulting experience is required
• 3+ years leading technical teams
• BA/BS degree preferred in computer science, engineering, math, statistics, or information systems
• Prefer one or more of the following certifications: CISSP, CEH, OSCP, OSCE, GPEN, CPT, CSSLP
• Understanding of software security architecture and design
• Experience building Secure SDLC programs
• Ability to assist in the strategic direction of the practice
• Ability to travel up to 40% of the time to client sites

• A company committed to championing Diversity, Equality, and Inclusion through our Employee Resource Groups.
• Work/life balance
• Professional training resources
• Creative problem-solving and the ability to tackle unique, complex projects
• Volunteer Opportunities. "Optiv Chips In" encourages employees to volunteer and engage with their teams and communities.
• The ability and technology necessary to productively work remotely/from home (where applicable)