Senior AppSec Consultant (Secure SDLC Delivery)

The company is hiring a hands-on Application Security expert to take ownership of security delivery within fixed-price Secure SDLC projects. The role is not focused on governance, policy, or audit; instead, it emphasizes accountability for what is delivered.

Key Activities:

• Perform security assessments of Android and/or iOS applications.
• Conduct APK/IPA reverse engineering and static analysis.
• Identify hardcoded secrets, insecure storage, and exposed components.
• Test runtime protections (SSL pinning, root/jailbreak detection).
• Validate compliance with OWASP MASVS.
• Ensure secure implementation of OAuth, tokens, and local storage.
• Work with developers to remediate platform-specific vulnerabilities.

Responsibilities:

• Own security in real delivery and ensure that security is implemented, tested, and delivered.
• Work directly with developers to resolve code and pipeline issues.
• Perform manual and automated code reviews.
• Implement and tune security scanning tools (SAST/DAST/SCA).
• Conduct practical threat modeling and vulnerability validation.
• Operate within fixed-price environments, balancing security, timeline, and budget.

Required Experience:

• Bachelor’s degree in Cybersecurity or a related field.
• Relevant certifications (CISSP, CSSLP, OSCP, GWAPT, eWPT/eWPTX).
• 7+ years in Cyber Security with a strong focus on Application Security.
• Proven experience in Secure SDLC within delivery projects.
• Familiarity with mobile app security (iOS/Android).
• Experience in coaching development teams on secure coding.
• Ability to make security versus delivery trade-offs.

Nice to Have:

• Knowledge of cloud security (AWS/Azure/GCP).
• Experience with Kubernetes/container security.
• Experience in regulated industries.

Language Requirements: Not specified.
Only qualified candidates will be contacted.