Share this Job

Senior Security Consultant / Consulting Engineer

Date:  Jul 2, 2021

Thornton, CO, US

Requisition ID:  29825

About Avaya

Businesses are built by the experiences they provide, and every day millions of those experiences are delivered by Avaya Holdings Corp. (NYSE: AVYA). Avaya is shaping what's next for the future of work, with innovation and partnerships that deliver game-changing business benefits. Our cloud communications solutions and multi-cloud application ecosystem power personalized, intelligent, and effortless customer and employee experiences to help achieve strategic ambitions and desired outcomes. Together, we are committed to help grow your business by delivering Experiences that Matter. Learn more at www.avaya.com.

Job Information


Avaya is seeking an experienced security professional to join the Product Security Support Team-PSST, and larger Solution Architecture group reporting into the Office of the CTO.

To be successful in this role the candidate must have hands-on experience and a proven record securing Azure, GCP, AWS, Hosted Cloud Solutions, embrace continual learning, be willing to mentor and share ones’ security knowledge with PSST/Solutions Architecture team members, work on multiple projects simultaneously, effectively engage and consult with a diverse group of internal (e.g. Dev, Test, OPS, IT/Corporate Security, Professional Services, Product Management, Sales, etc.) and external (e.g. Avaya Customers, Business Partners, 3rd-party SaaS/OEM/Resellers, External Security Researchers, etc.) stakeholders, and establish oneself as a recognized thought leader among consulting engineers within the Avaya community.


Primary Skills

  • Complement existing PSST/Avaya Security Consulting, Hardening and Penetration Test capabilities involving Avaya’s Azure, GCP or AWS Cloud-based Offers:
    • Offensive Security/Red Team - Ethical hacking/penetration testing and proof of concept exploits against Avaya Cloud Offers (Azure, GCP, AWS and Data Center-hosted; Staging and Production environments), ensuring the security posture of Avaya's Cloud Offers, and providing evidence in support of compliance/AOC engagements (e.g. PCI DSS, HIPAA, HITRUST, FedRAMP, etc.)
    • Defensive Security/Blue Team - Security consulting targeted towards defending against cybersecurity attacks of Avaya Cloud Offers (e.g. Development, Test, Staging and Production environments). Role includes consulting coverage for infrastructure protection, security-related forensics, incident response, damage control and operational security.

Additional skills

Additional PSST/S&T Security Team Skillsets/Roles:

  • Internally focused Security Consulting: 
    • Avaya-internal-only consulting with respective Offer teams during the Avaya Product/Solution/Cloud Offer development process.
    • Security Automation & DevSecOps/Green Team - Recommendation and integration of cloud-native/SaaS security services, security automation: deploy best-in-class/Avaya S&T-required security tools and CI/CD protection mechanisms.
    • Security Governance/White Team - Support PSST efforts in authoring Avaya Product and Cloud Security Engineering Criteria, assessing Offer team compliance, and providing associated Security vote at Portfolio Management Team reviews.
    • Active membership in Avaya’s Security Council, Cybersecurity VT, and Avaya’s Incident Response Team

Additional skills - contd

  • Vulnerability Threat Management (VTM): 
  • Oversight of Avaya’s VTM policies, system/database, interact with product teams towards tracking/resolving product vulnerabilities, and creation of Avaya Security Advisories-ASA’s (posted at https://support.avaya.com/security)
  • Serve as a member of Avaya’s CVE Numbering Authority-CNA and manage the securityalerts@avaya.com mailbox which serves as a primary point of contact for External Security Researchers. Interface with Avaya product teams, Legal, PR/Communications, upper management, etc. as required.
  • Security-related Customer Support:
    • Consult with product teams in support of Development/Tier 4-owned security escalations/tickets.
    • Serve as Security Consultant / Subject Matter Expert in partnering with Pre-Sales/Sales, Professional Services, and associated Delivery teams across Avaya to address customer Security concerns.


  • Hands-on experience and a proven record of securing Azure, GCP, AWS Hosted Cloud Solutions
  • Cloud Offer penetration test, security consulting, assessment, hardening, compliance, and operational security support
  • Experience collaborating with auditors on compliance engagements e.g. PCI DSS, HIPAA, HITRUST, FedRAMP Attestation of Compliance-AOCs


  • IaaS/PaaS/SaaS experience securing Azure, GCP, AWS-based Cloud Solutions
  • Proven expertise in security penetration testing and associated open-source and commercial security tools (e.g. Qualys, Automated and Manual Web App scanners and proxies, API/protocol fuzzers, container and database scanners, Metasploit, Cloud-native security tools, etc.)
  • Ability to create customized scripts (e.g. via Python, Perl, Ruby) and Proof of Concept exploits and/or verify the same reported by external security researchers
  • High-tech product software/firmware support experience. In-depth problem-solving skills with demonstrated ability to isolate problems to specific software/firmware components
  • Demonstrated teamwork experience and desire to work in a fast-paced security consulting role. 


  • U.S. Citizenship or permanent resident card
  • B.S. degree in Computer Science, Computer Networking, or related discipline
  • M.S. degree or equivalent experience is desirable.
  • Relevant certifications are desirable (e.g. AZ-900, AZ-500, Google Professional Cloud Security Engineer / Architect, GIAC GWAPT, GCIH, GCSA, CISSP, CISA, CEH, OSCP, etc.)
  • U.S. Security clearance is desirable


12+ Years of Experience


Bachelor degree or equivalent experience
Advance Degree preferred

Preferred Certifications


Avaya is an Equal Opportunity employer and a U.S. Federal Contractor. Our commitment to equality is a core value of Avaya. All qualified applicants and employees receive equal treatment without consideration for race, religion, sex, age, sexual orientation, gender identity, national origin, disability, status as a protected veteran or any other protected characteristic. In general, positions at Avaya require the ability to communicate and use office technology effectively. Physical requirements may vary by assigned work location. This job brief/description is subject to change. Nothing in this job description restricts Avaya right to alter the duties and responsibilities of this position at any time for any reason. You may also review the Avaya Global Privacy Policy (accessible at https://www.avaya.com/en/privacy/policy/) and applicable Privacy Statement relevant to this job posting (accessible at https://www.avaya.com/en/documents/info-applicants.pdf).

Nearest Major Market: Denver