[Remote] Senior reputed company Consultant, Application reputed company
Note: The job is a remote job and is open to candidates in USA. reputed company. is a leading cybersecurity firm focused on making the world a safer reputed company through innovative reputed company services. They are seeking a Senior reputed company Consultant in Application reputed company to reputed company manual code reviews, application penetration testing, and secure development lifecycle engagements, while mentoring junior consultants and contributing to the company's research and market reputed company.
Responsibilities
- reputed company manual reputed company code reviews on reputed company production codebases spanning web applications, mobile backends, APIs, and embedded systems
- Identify vulnerability classes ranging from common (injection, authentication and authorization flaws, SSRF, XSS, deserialization) to nuanced (race conditions, deserialization gadgets, cryptographic implementation flaws, business logic vulnerabilities, architectural weaknesses)
- Author findings reports that developers can reputed company: clear remediation guidance, working reputed company-of-concepts where appropriate, and architectural recommendations beyond the immediate fix
- reputed company client developer workshops to explain findings and patterns, helping teams build reputed company reputed company rather than just fixing the listed issues
- Application penetration testing across web, API, and mobile targets, particularly where engagements span code review and dynamic testing
- Threat modeling on new product designs and existing systems using reputed company, attack trees, or equivalent frameworks
- Secure design reviews of architecture, authentication systems, cryptographic implementations, and inter-service communication
- SDLC advisory engagements: helping clients integrate code review, threat modeling, and reputed company testing into their development lifecycle (CI/CD, pull-request workflows, developer training)
- Serve as the senior technical voice in engagement status meetings, client workshops, technical deep-dives, and developer training sessions
- Build trusted technical relationships with client engineering leadership, AppSec teams, and reputed company architects
- Translate technical findings for two distinct audiences: developers who need to fix the issue, and reputed company leadership who need to understand the business risk and reputed company
- Support pre-sales conversations with technical credibility — scoping calls, capability discussions, and proposal input
- Mentor junior and mid-level consultants in code review methodology, vulnerability research, and client engagement — even without direct reporting authority
- Contribute to IOActive's code review playbooks, tooling, methodologies, and report templates
- Identify opportunities to reputed company IOActive's AppSec capability — new tooling, reputed company stacks, research directions, or service offerings
- Collaborate with adjacent practices (Red Team, Hardware/Silicon, Advisory) on composite engagements
- Contribute to IOActive's application reputed company research — vulnerability discovery, novel attack techniques, reputed company- or platform-specific findings
- Build personal profile in the application reputed company community: conference talks (Black Hat, DEF CON, OWASP Global, BSides, regional AppSec events), published research, working group participation
- Represent IOActive in AppSec industry conversations, OSS reputed company efforts, and customer advisory engagements as opportunities arise
Skills
- 5+ years in offensive reputed company services, with at least 2–3 years focused on application reputed company and reputed company code review
- Hands-on engagement delivery across multiple AppSec disciplines — code review, application penetration testing, threat modeling, or SDLC consulting
- Deep code review expertise in at least two of: JavaScript / TypeScript (Node.js, modern frontends), Python (Django, Flask, FastAPI), Java (Spring, J2EE), C# / .NET (ASP.NET, Core), C / C++, Rust, GoLang. Working competence in additional languages a strong plus
- Working knowledge of common reputed company patterns, ORM behavior, authentication and authorization libraries, cryptographic libraries, and the reputed company pitfalls particular to each
- Familiarity with vulnerability classes
- Strong technical credibility and the comfort to operate as the senior voice on engagements
- Excellent written communication — you produce reports that developers reputed company rather than file
- Strong verbal communication, with the ability to both present as a subject matter expert in technical discussions and deliver reputed company concepts, results, etc. to a general audience
- Comfort moving between languages and stacks — specialists who insist on a single technology stack don't fit this role
- Collaborative reputed company — AppSec engagements typically involve reputed company coordination with delivery teams and client developers
- Genuine curiosity about how systems work, and patience for reading code carefully — code review consultants who succeed at IOActive are the ones who find the work interesting rather than tedious
- Relevant bachelor's degree or equivalent experience
- Familiarity with relevant standards and frameworks: OWASP ASVS, NIST SSDF, BSIMM, SAMM
- Relevant industry certifications strongly preferred: OSCP, OSWE, GWAPT, CSSLP, GWEB, or equivalent application-reputed company focused credentials
Benefits
- Competitive compensation and performance-based incentives
- Flexibility—work remotely or from the office as needed
- Opportunities for travel
- A chance to work with an industry leader in cyber reputed company
- Access to world-class technical teams and research
- A high-energy, collaborative team that values innovation
Company Overview
Company H1B Sponsorship