Principal Consultant

Secure Code Warrior’s mission is to establish new standards for coding that transform the ways software is created. We do this by providing the world’s leading agile learning platform that delivers the most effective secure coding solution for developers to learn, apply, and retain software security principles.  More than 600 enterprises trust Secure Code Warrior to implement agile learning security programs, build safer software, and create a culture of developer-driven security.  We are a venture-backed company with offices in Australia, the United States, Belgium, Iceland, and the United Kingdom.

As a Principal Consultant, you are the key to unlocking the full strategic value of Secure Code Warrior for our most important customers. This role is a critical evolution of traditional consulting, blending pre-sales solution design with post-sales strategic advisory. You will partner with our sales team to engage prospects early, understanding their core business drivers and designing high-level security program strategies that position our product and services as an essential investment.

You are not just delivering a service; you are building a business case, shaping a vision, and acting as a trusted advisor to security and engineering leaders. Your success is defined by your ability to elevate the conversation from tactical implementation to strategic business transformation, driving larger deals and ensuring our customers achieve measurable value.

• Pre‑Sales Advisory: Join discovery calls, run “Onboarding & Support” workshops, scope PS proposals, and co‑author SOWs for all land deals.
• AppSec & Program Assessment: Lead discovery sessions to identify process & strategy gaps in existing Secure Code Warrior deployments, and make tailored recommendations.
• Executive Metrics Coaching: Define ROI, risk, and adoption KPIs. Provide templates and guidance for upskilling client teams.
• Stakeholder Alignment: Facilitate workshops to align engineering, security, and leadership. Remove blockers and drive decisions.
• Engagement Delivery: Deliver PS engagements for 3-4 concurrent engagements.
• IP & Methodology Development: Create and maintain playbooks, templates, and AI‑driven accelerators for the PS team.
• Industry Learning: Stay current on AppSec trends and AI usage in security. Feed insights back into product and service offerings.
• Executive Reporting: After every pre‑sales call or delivery milestone, package the key takeaways—tailored advice, rollout steps, and next actions into a crisp report the client can forward straight to leadership.
• Hands‑On Platform Expertise: Know the SCW platform and Developer Risk Management (DRM) inside out. Dive into the console and data to demonstrate features live. Design program plans that keep DRM and SCW at the core.

• Commercial Acumen: Thinks like a business partner. Quickly grasps a client's business landscape and challenges, and crafts compelling, commercially-viable solutions that align our services with their strategic and financial goals.
• Influential Stakeholder Engagement: Builds immediate credibility and trust with senior executives (Head of Appsec, Director of Engineering, CISO). Articulates complex security concepts in terms of business value and risk, persuading decision-makers during both pre-sales and delivery.
• Strategic Program Design: Goes beyond tools to develop holistic, realistic business plans for security initiatives. Designs high-level implementation roadmaps during the sales cycle that integrate measurable business value, and organizational change.
• Change Management & Communication: Expertly guides clients through organizational change. Adapts messaging to be succinct and outcome-focused for executives, while remaining detailed and technical for engineering teams, ensuring smooth adoption.
• Creative Problem-Solving: Thrives in ambiguity. Can think on their feet to remove blockers, maintain momentum, and creatively solve complex customer challenges in high-pressure sales and delivery environments.
• Deep AppSec Domain Expertise: Possesses a comprehensive understanding of the AppSec landscape, including SAST, SCA, Threat Modeling, and developer training, and leverages this to establish credibility and design effective programs.
• AI-Driven Ways of Working: Has experience leveraging AI to enhance efficiency, generate insights, and innovate within a consulting or security context, demonstrating an ability to transform their own work and advise clients on modern approaches.
• Chromebook and Google Suite fluency: Prior experience working fluently using Chromebook and Google Workspace for docs, slides, and real‑time collaboration. Alternatively, comfortable adopting new apps fast when needed.

• 10+ years in AppSec, DevSecOps, or cybersecurity consulting for mid‑to‑large enterprises.
• Proven record designing secure‑coding programs or other Appsec / Security Awareness programs.
• Pre‑sales experience in scoping, pricing, and pitching services.
• Trusted advisor to Appsec teams; can present business cases in plain language.
• Change‑management expertise; able to coach teams through adoption hurdles.
• Excellent written, verbal, and virtual‑presentation skills.
• Hands‑on familiarity with AI productivity tools (eg. Gemini, ChatGPT) and a habit of sharing efficiencies created.