Our client is seeking a highly technical application security consultant.
This is a hands-on technical role, not a GRC, policy, or compliance position. We are looking for a practitioner with a deep background in Application Security, Secure Coding, or Penetration Testing. You must be able to do more than just relay automated scan results; you need to deeply understand standard vulnerabilities, explain them technically to development teams, and validate that the implemented code remediations are effective.
Key Technical Responsibilities:
- Vulnerability Remediation: Analyze penetration test report findings, meet with development teams to explain the technical mechanics of the vulnerabilities (e.g., XSS, SQLi, CSRF), and guide them on how to fix them at the code level.
- Remediation Validation: Technically validate and test that the remediations applied by the development team are effective and secure.
- Secure SDLC Implementation: Embed secure design principles and application security controls directly into the software development lifecycle.
- Architecture & Design Reviews: Conduct deep-dive technical security architecture and design reviews for new and existing projects.
- Pentest Management: Plan, support, and execute application penetration tests, taking full accountability for driving the technical remediation follow-up.
- Cloud Security Guardrails: Provide hands-on security guidance for cloud platforms, specifically across Salesforce, Azure, and AWS.
- Threat Modelling: Act as the technical security authority within project streams, identifying threats early in the design phase.
Required Technical Skills & Experience:
- Deep AppSec Background: Proven, hands-on experience working specifically in Application Security, Penetration Testing, or as a Security-Focused Software Engineer.
- Vulnerability Expertise: Absolute fluency in the OWASP Top 10. You must be able to explain how vulnerabilities work, how they are exploited, and exactly how to remediate them.
- Developer Collaboration: Demonstrable experience working directly with software development teams, speaking their language, and providing actionable secure coding guidance for common languages/platforms.
- Testing Tools: Strong practical knowledge of penetration testing tools, techniques, and manual verification methods.
- Cloud Platforms: In-depth technical security knowledge for Salesforce, Azure, and AWS environments.
Desirable Skills:
- Hands-on experience securing containers and serverless technologies.
- Familiarity with security frameworks (NIST CSF, CIS) and compliance requirements (GDPR, PCI-DSS, CRA) from a technical implementation perspective.
- Degrees and certifications (e.g., OSCP, OSWE, GWAPT, CISSP) are advantageous; however, we welcome demonstrable, hands-on technical capability