Zero Tax Jobs Logo
Post a Job
Company logo hidden

Senior Product Security Consultant

Unlock employer Abu Dhabi, United Arab Emirates Posted: 21 May 2025

Apply Direct

Financial

  • Estimate: $80k - $120k*
  • Zero income tax location

Accessibility

  • Office Only
  • Visa Provided

Requirements

  • Experience: Senior
Explore similar roles:
View Security Engineer jobs in Abu Dhabi View all Security Engineer jobs

Position

About the Job:
CENSUS is a cybersecurity engineering powerhouse specializing in securing products and organizations. Our identity is rooted in professionalism, engineering excellence, a scientific mindset, and hacking demeanor. We are research-driven, delivering a diverse range of professional services. CENSUS is trusted to conduct high-impact product security engagements, helping clients secure their solutions from design to deployment, utilizing realistic and risk-informed approaches.

Ready to apply for roles like this?

Unlock the company name and direct application link. Subscribers get instant access to fresh jobs across Dubai, Abu Dhabi and Riyadh, many with visa support.

Unlock employer & apply directly

We are seeking a technically strong and detail-oriented Senior Product Security Consultant to join our Cybersecurity Engineering team. The ideal candidate will have extensive experience in product-level security verification, threat model analysis, and product-level testing. You will be responsible for evaluating the security posture of software and system products by validating architecture, threat models, and security controls. You will participate in structured evaluation projects aligned with industry and regulatory standards such as Common Criteria, ISO/IEC 27002, or equivalent frameworks.

Key Responsibilities:

  • Review and validate security documentation (e.g., Security Targets, threat models, trust boundaries, asset inventories).
  • Assess the completeness, accuracy, and risk coverage of various threat models and risk assessment frameworks (STRIDE, LINDDUN, OWASP, TARA, TAL, etc.).
  • Verify security requirement traceability across assets, trust boundaries, and system functions.
  • Conduct architectural and implementation-level reviews of security controls (e.g., encryption, access control, key management).
  • Perform targeted security testing (white-box and black-box) on system APIs, client/mobile apps, backend services, and cloud infrastructure.
  • Validate implementation of cryptographic controls, key lifecycle procedures, and secure communication protocols.
  • Analyze secure deployment configurations across containerized platforms (Docker, Kubernetes), CI/CD pipelines, and cloud services.
  • Deliver comprehensive, standards-aligned technical reports based on evaluation findings.
  • Communicate product security risks clearly to both technical and non-technical audiences.

Minimum Qualifications:

  • MSc or BSc in Computer Science, Electrical/Software Engineering, Cybersecurity, or a related technical discipline.
  • 5+ years of experience in product security, software evaluation, or penetration testing.
  • Proven ability to evaluate threat models, security requirements, and mitigation effectiveness.
  • Strong technical writing and documentation skills in English.
  • Excellent analytical skills and attention to detail.

Required Skills:

  • In-depth understanding of security architecture and common system design patterns (e.g., API gateways, microservices, message queues, service meshes).
  • Hands-on experience performing design-level security reviews and verifying implementation alignment with defined threat models.
  • Familiarity with structured security frameworks such as Common Criteria, FIPS 140, ISO 15408, OWASP ASVS, and MASVS.
  • Practical experience with security testing in diverse product environments (mobile, embedded, web/cloud, API).
  • Knowledge of authentication, authorization, identity, and secrets management technologies (e.g., OAuth2, MFA, PKI, SSO, Cloud IAM, HashiCorp Vault).
  • Proficiency in applied cryptography (e.g., mTLS, E2EE, AEAD, key derivation, key wrapping, remote attestation).
  • Ability to identify security vulnerabilities across platforms (e.g., OWASP Top 10, misconfigurations, transport security gaps).
  • Excellent documentation and communication skills, able to articulate technical risks and findings to diverse audiences.
  • Problem solving skills, analytical thinking, and willingness to learn/grow.

Nice-to-Have Skills:

  • Ability to read and analyze source code for logic flaws in one or more language families:
    • Mobile: Swift, Obj-C, Kotlin, Java, Dart, JavaScript
    • Web/Cloud: Java, Python, Go, PHP, Ruby, C#, JavaScript
    • Native/Embedded: C, C++
  • Experience debugging or instrumenting applications across edge, embedded, or cloud platforms.
  • Familiarity with Zero Trust architectures, enclaves, and confidential computing technologies.
  • Exposure to fuzzing, symbolic execution, or static analysis techniques.
  • Experience collaborating with distributed teams across different time zones and cultures.

This role presents an exciting opportunity to join a dynamic team and contribute to significant cybersecurity initiatives.

Apply Direct

Jobs you might like   View all jobs

About Computer and Network Security Company

Company details are hidden. Subscribe to view full company profile.
Learn more

Related Articles

Software Engineer Salaries in Dubai, UAE - An Ultimate Guide cover image

Software Engineer Salaries in Dubai, UAE - An Ultimate Guide

 Finding Software Engineer Jobs in Dubai with Visa Sponsorship cover image

Finding Software Engineer Jobs in Dubai with Visa Sponsorship

 How to Get a Visa as a Software Engineer in Dubai cover image

How to Get a Visa as a Software Engineer in Dubai

Ready to apply for this role?

Apply Direct