We are seeking an experienced Application Security Consultant to perform independent security assessments of complex web platforms, including white-box code reviews, penetration testing, and cloud security evaluations.
This role involves direct collaboration with client stakeholders and technical leads.
Responsibilities:
- Conduct white-box application security audits (source code review)
- Perform targeted penetration testing of APIs and authentication flows
- Assess access control, IDOR risks, and business logic vulnerabilities
- Evaluate secure handling of financial and personal data
- Review cloud and infrastructure security posture (Azure preferred)
- Provide structured, risk-prioritized reports
- Present findings and remediation guidance to technical and business stakeholders
- Support follow-up validation after fixes
Required Experience:
- 3+ years in application security or security architecture
- Experience auditing SPA + REST API + relational database architectures
- Strong knowledge of OWASP Top 10 and API security
- Experience with token-based authentication and OAuth flows
- Ability to independently trace the request lifecycle and identify logic flaws
- Experience reviewing systems processing sensitive financial or regulated data
- Strong written and verbal communication skills in English
Nice-to-Have:
- Experience in fintech / trading systems
- Laravel, Vue.js, or similar stack familiarity
- Azure security knowledge
- Experience producing compliance-oriented documentation (SOC 2 / ISO 27001)
- Security certifications (CISSP, OSCP, CEH, etc.)
Engagement:
- Part-time, project-based
- Remote
- Direct collaboration with client and technical team
- Potential for recurring audits across multiple projects

