Senior Security Consultant, Application Security
Based in the United States, Full-Time, Senior
Salary: Competitive base salary with performance-based incentives
Job Details
- Experience: 5+ years of experience in offensive security, including at least 2–3 years focused on application security and code review.
- Required Skills: Python, Java, JavaScript, CI/CD
Requirements
- 5+ years of experience in offensive security, including at least 2–3 years focused on application security and code review.
- Strong expertise in manual source code review across at least two languages such as JavaScript/TypeScript, Python, Java, C#, C/C++, Go, or Rust.
- Experience conducting application penetration testing, threat modeling, and SDLC-focused security consulting.
- Deep understanding of vulnerability classes, secure coding patterns, and framework-specific security risks.
- Ability to analyze authentication, authorization, cryptography, and complex application logic in real-world systems.
- Excellent written communication skills for producing clear, actionable technical reports.
- Strong verbal communication skills for client-facing discussions and technical leadership roles.
- Ability to operate across multiple technology stacks with adaptability and curiosity.
- Relevant certifications such as OSCP, OSWE, GWAPT, or similar are preferred.
Responsibilities
- Lead manual source code reviews across web applications, APIs, mobile backends, and systems codebases.
- Identify and analyze vulnerabilities including injection flaws, authentication issues, race conditions, cryptographic weaknesses, and business logic flaws.
- Deliver developer-ready remediation guidance, including proof-of-concepts and architectural recommendations.
- Conduct application penetration testing, threat modeling, and secure design reviews across diverse environments.
- Support SDLC advisory work to help clients integrate security into CI/CD pipelines, development workflows, and engineering processes.
- Act as the senior technical lead in client engagements, workshops, and technical presentations.
- Translate complex security findings into actionable insights for both engineering and executive stakeholders.