
Senior AppSec Consultant (Secure SDLC Delivery)

Akkodis | Dubai, UAE | 1 month ago | Entry | Full-time

Skills

management consulting, strategy, business advisory

About This Role

Overview

We are hiring a hands-on Application Security expert who owns security delivery within fixed-price SDLC projects.

You will be accountable for what gets shipped, not just what gets documented.

This role is not governance, policy, or audit.

Activities

  • Perform security assessment of Android and/or iOS applications
  • Conduct APK/IPA reverse engineering and static analysis
  • Identify hardcoded secrets, insecure storage, and exposed components
  • Test runtime protections (SSL pinning, root/jailbreak detection)
  • Perform dynamic analysis using tools such as Frida, Objection, Burp
  • Validate compliance against OWASP MASVS
  • Assess secure implementation of OAuth, tokens, and local storage
  • Ensure proper certificate pinning and API protection in mobile apps
  • Work with developers to remediate platform-specific vulnerabilities

Own Security in Real Delivery

  • Take end-to-end accountability for application security in fixed-price projects
  • Ensure security is implemented, tested, and delivered, not just defined
  • Work directly with developers to fix issues in code and pipelines

Hands-On Engineering

  • Perform manual and automated code reviews
  • Implement and tune: SAST / DAST / SCA, API and container security scanning
  • Build and enforce CI/CD security gates

Threat Modeling & Validation

  • Conduct practical threat modelling
  • Validate vulnerabilities through hands-on testing (e.g., Burp, ZAP)
  • Focus on real exploitability, not theoretical risks

Delivery Under Constraints

  • Operate in fixed-price environments with real constraints
  • Prioritize effectively to balance security, timeline, and budget
  • Take ownership of outcomes and resolve issues proactively

Required experience

  • Bachelor’s degree in Cybersecurity or related field
  • Certifications such as CISSP and/or CSSLP
  • Hands-On / Offensive or AppSec Certification (OSCP, GWAPT, eWPT/eWPTX)
  • Mobile app security (iOS / Android)
  • Experience coaching or upskilling development teams on secure coding
  • 7+ years in Cyber Security with strong Application Security focus
  • Proven experience in Secure SDLC within delivery projects
  • Experience in fixed-price or commitment-based environments
  • You’ve personally fixed vulnerabilities in code or pipelines
  • You can demonstrate exploitation paths, not just list findings
  • You are comfortable making security vs delivery trade-offs

What success looks like

  • Developers see you as a technical peer, not an auditor
  • Security is embedded in SDLC and CI/CD pipelines
  • Vulnerabilities are fixed early, not escalated late
  • Projects are delivered securely, on time, and within budget
  • You are recognized as accountable for security delivery

Nice to have

  • Cloud security (AWS / Azure / GCP)
  • Kubernetes / container security
  • Experience in regulated industries

Please note, only qualified candidates will be contacted.
