Senior Security Consultant, Application Security in United States at Jobgether

This position is listed on behalf of a partner company, who manages all applications and next steps. Our partner is looking for a Senior Security Consultant, Application Security based in the United States.

This role sits at the intersection of deep technical security expertise and hands-on client engagement, with a strong focus on secure code review as the primary discipline. You will work across complex enterprise systems to identify vulnerabilities in source code, applications, APIs, and supporting architectures, while also contributing to penetration testing, threat modeling, and secure development lifecycle advisory. The position is highly client-facing, requiring the ability to translate technical findings into clear, actionable insights for both engineering teams and security leadership. You will operate as a senior technical authority on engagements, guiding delivery quality and influencing security outcomes across diverse industries. Beyond delivery work, the role also involves mentoring consultants, contributing to security research, and helping evolve application security methodologies. This is a high-impact position for someone who thrives in deep technical analysis combined with real-world client influence.

Responsible for leading secure code review and broader application security engagements, ensuring identification, analysis, and remediation of complex vulnerabilities across modern software systems.

• Lead manual source code reviews across web applications, APIs, mobile backends, and systems codebases.
• Identify and analyze a wide range of vulnerabilities including injection flaws, authentication issues, race conditions, cryptographic weaknesses, and business logic flaws.
• Deliver clear, developer-ready remediation guidance, including proof-of-concepts and architectural recommendations.
• Conduct application penetration testing, threat modeling, and secure design reviews across diverse environments.
• Support SDLC advisory work, helping clients integrate security into CI/CD pipelines, development workflows, and engineering processes.
• Act as the senior technical lead in client engagements, workshops, and technical presentations.
• Translate complex security findings into actionable insights for both engineering and executive stakeholders.

This role requires deep hands-on expertise in offensive security, with strong specialization in application security and secure code review across multiple technology stacks.

• 5+ years of experience in offensive security, including at least 2–3 years focused on application security and code review.
• Strong expertise in manual source code review across at least two languages such as JavaScript/TypeScript, Python, Java, C#, C/C++, Go, or Rust.
• Experience conducting application penetration testing, threat modeling, and SDLC-focused security consulting.
• Strong understanding of vulnerability classes, secure coding patterns, and framework-specific security risks.
• Ability to analyze authentication, authorization, cryptography, and complex application logic in real-world systems.
• Excellent written communication skills for producing clear, actionable technical reports.
• Strong verbal communication skills for client-facing discussions and technical leadership roles.
• Ability to operate across multiple technology stacks with adaptability and curiosity.
• Relevant certifications such as OSCP, OSWE, GWAPT, or similar are preferred.

• Competitive base salary with performance-based incentives
• Flexible remote work options within the United States
• Opportunity to work on high-impact, cutting-edge cybersecurity engagements
• Access to advanced security research, tools, and global technical teams
• Travel opportunities for client engagements and industry collaboration
• Strong professional development and mentorship opportunities
• Inclusive, collaborative, and innovation-driven work culture
• Exposure to diverse industries and complex technical environments