Principal Strategic Application Security Consultant, Mandiant, Google Cloud

The Mandiant Strategic team helps clients reduce business risk by strengthening their cybersecurity programs. We streamline security efforts, prioritize risk mitigation, and drive continuous improvement across the entire security landscape. This includes application security (AppSec) and secure software development lifecycle (SDLC) practices. We support clients with incident response recovery, cyber program transformations, and comprehensive security assessments covering infrastructure, applications, and cloud environments.

As an Application Security Consultant, you will own a workstream, acting as a trusted advisor and driving client objectives. We're a team combining cybersecurity expertise, agile principles, and project management to deliver impactful and lasting improvements to our external clients' security posture. You will act as an executive customer-facing leader driving application security engagements for our enterprise clients.

Part of Google Cloud, Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident response services. Mandiant's cybersecurity expertise has earned the trust of security professionals and company executives around the world. Our unique combination of renowned frontline experience responding to some of the most complex breaches, nation-state grade threat intelligence, machine intelligence, and the industry's best security validation ensures that Mandiant knows more about today's advanced threats than anyone.

Individual pay is determined by factors including job-related skills, experience, and relevant education or training.

US: $168000 - $244000 (USD) + 20% bonus target + equity + benefits

Learn more about benefits at Google.
  • Utilize broad application security expertise to independently own, scope, and lead complex customer-facing engagements as a Principal Application Security Consultant, trusted project owner, and industry specialist.
  • Direct cross-functional teams to architect and drive scalable, measurable security risk reduction across application and cloud environments, leveraging investigative systems thinking and advanced security telemetry data for enterprise-level decision-making.
  • Influence and secure alignment with director and C-suite level stakeholders regarding macro risk priorities, security infrastructure transformations, and systemic technical debt reduction, driving change management initiatives and secure-by-design orchestration.
  • Oversee secure code reviews, mentor junior team members on mitigating complex or ambiguous vulnerabilities, and review project deliverables, leveraging advanced knowledge of modern development languages (e.g., Python, Java) while designing long-term product strategy to optimize organizational AppSec and DevSecOps maturity.

Minimum qualifications:

  • Bachelor's degree in Computer Science, Information Systems, Cybersecurity, a related technical field, or equivalent practical experience.
  • 8 years of experience with application information security, infrastructure, software, or platforms within cloud services.
  • 8 years of experience with cybersecurity risk management, threat identification, or security solution development.
  • Ability to travel up to 30% of the time.

Preferred qualifications:

  • Certifications related to specific cloud platforms.
  • 4 years of experience in application development, leading application/software projects and customer relationships while working cross-functionally in a large organization.
  • Experience implementing industry-leading practices around cyber risks and cloud security for clients’ cloud security frameworks using industry standards.
  • Experience with cloud governance, with the ability to convey governance principles to cloud computing in terms of policies.
  • Excellent time and project management skills.