[Remote] Senior Security Consultant, Application Security

Remote Full-time
Note: The job is a remote job and is open to candidates in USA. IOActive, Inc. is a leading cybersecurity firm focused on making the world a safer place through innovative security services. They are seeking a Senior Security Consultant in Application Security to lead manual code reviews, application penetration testing, and secure development lifecycle engagements, while mentoring junior consultants and contributing to the company's research and market presence.

Responsibilities

- Lead manual source code reviews on complex production codebases spanning web applications, mobile backends, APIs, and embedded systems
- Identify vulnerability classes ranging from common (injection, authentication and authorization flaws, SSRF, XSS, deserialization) to nuanced (race conditions, deserialization gadgets, cryptographic implementation flaws, business logic vulnerabilities, architectural weaknesses)
- Author findings reports that developers can act on: clear remediation guidance, working proof-of-concepts where appropriate, and architectural recommendations beyond the immediate fix
- Lead client developer workshops to explain findings and patterns, helping teams build security resilience rather than just fixing the listed issues
- Application penetration testing across web, API, and mobile targets, particularly where engagements span code review and dynamic testing
- Threat modeling on new product designs and existing systems using STRIDE, attack trees, or equivalent frameworks
- Secure design reviews of architecture, authentication systems, cryptographic implementations, and inter-service communication
- SDLC advisory engagements: helping clients integrate code review, threat modeling, and security testing into their development lifecycle (CI/CD, pull-request workflows, developer training)
- Serve as the senior technical voice in engagement status meetings, client workshops, technical deep-dives, and developer training sessions
- Build trusted technical relationships with client engineering leadership, AppSec teams, and security architects
- Translate technical findings for two distinct audiences: developers who need to fix the issue, and security leadership who need to understand the business risk and pattern
- Support pre-sales conversations with technical credibility — scoping calls, capability discussions, and proposal input
- Mentor junior and mid-level consultants in code review methodology, vulnerability research, and client engagement — even without direct reporting authority
- Contribute to IOActive's code review playbooks, tooling, methodologies, and report templates
- Identify opportunities to extend IOActive's AppSec capability — new tooling, target stacks, research directions, or service offerings
- Collaborate with adjacent practices (Red Team, Hardware/Silicon, Advisory) on composite engagements
- Contribute to IOActive's application security research — vulnerability discovery, novel attack techniques, framework- or platform-specific findings
- Build personal profile in the application security community: conference talks (Black Hat, DEF CON, OWASP Global, BSides, regional AppSec events), published research, working group participation
- Represent IOActive in AppSec industry conversations, OSS security efforts, and customer advisory engagements as opportunities arise

Skills

- 5+ years in offensive security services, with at least 2–3 years focused on application security and source code review
- Hands-on engagement delivery across multiple AppSec disciplines — code review, application penetration testing, threat modeling, or SDLC consulting
- Deep code review expertise in at least two of: JavaScript / TypeScript (Node.js, modern frontends), Python (Django, Flask, FastAPI), Java (Spring, J2EE), C# / .NET (ASP.NET, Core), C / C++, Rust, GoLang. Working competence in additional languages a strong plus
- Working knowledge of common framework patterns, ORM behavior, authentication and authorization libraries, cryptographic libraries, and the security pitfalls particular to each
- Familiarity with vulnerability classes
- Strong technical credibility and the comfort to operate as the senior voice on engagements
- Excellent written communication — you produce reports that developers act on rather than file
- Strong verbal communication, with the ability to both present as a subject matter expert in technical discussions and deliver complex concepts, results, etc. to a general audience
- Comfort moving between languages and stacks — specialists who insist on a single technology stack don't fit this role
- Collaborative mindset — AppSec engagements typically involve close coordination with delivery teams and client developers
- Genuine curiosity about how systems work, and patience for reading code carefully — code review consultants who succeed at IOActive are the ones who find the work interesting rather than tedious
- Relevant bachelor's degree or equivalent experience
- Familiarity with relevant standards and frameworks: OWASP ASVS, NIST SSDF, BSIMM, SAMM
- Relevant industry certifications strongly preferred: OSCP, OSWE, GWAPT, CSSLP, GWEB, or equivalent application-security focused credentials

Benefits

- Competitive compensation and performance-based incentives
- Flexibility — work remotely or from the office as needed
- Opportunities for travel
- A chance to work with an industry leader in cyber security
- Access to world-class technical teams and research
- A high-energy, collaborative team that values innovation

Company Overview

IOActive is a trusted partner for Global 1000 enterprises, providing research-fueled security services across all industries. It was founded in 1998, and is headquartered in Seattle, Washington, USA, with a workforce of 51-200 employees. Its website is http://www.ioactive.com.

Company H1B Sponsorship

IOActive, Inc. has a track record of offering H1B sponsorships, with 2 in 2023, 1 in 2022, 1 in 2021, 3 in 2020. Please note that this does not guarantee sponsorship for this specific role.
