Application Security Consultant

Role Overview

We are seeking an experienced Application Security Consultant to assess, validate, and strengthen the security posture of applications and supporting infrastructure. This role is responsible for reviewing security testing results, validating remediation efforts, auditing infrastructure security controls, and ensuring compliance with security standards and regulatory requirements.

The ideal candidate will possess strong expertise in application security, vulnerability management, secure development practices, and security governance within modern cloud and DevSecOps environments.

Key Responsibilities

• Review and validate findings from Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools.

• Assess application vulnerabilities and security risks, ensuring appropriate remediation actions are implemented.

• Audit operating systems, databases, containers, web applications, APIs, and supporting infrastructure for security weaknesses and misconfigurations.

• Evaluate hardening measures across application components including web servers, APIs, middleware, containers, databases, and cloud environments.

• Collaborate with development, DevOps, DevSecOps, and infrastructure teams to drive remediation and security improvements.

• Review compliance with secure coding standards, application security policies, and industry best practices.

• Perform security assessments against established frameworks and standards.

• Maintain audit records, security findings, remediation tracking, risk registers, and compliance documentation.

• Support internal and external security audits relating to application and infrastructure security.

• Provide guidance on vulnerability prioritization, risk mitigation, and security best practices.

• Monitor emerging threats, vulnerabilities, attack techniques, and industry security trends.

• Contribute to continuous improvement of application security processes, controls, and governance frameworks.

Required Skills

• Bachelor's Degree in Computer Science, Cybersecurity, Information Security, or a related discipline.

• Minimum 4 years of experience in Application Security, Security Auditing, Vulnerability Management, or Secure Software Development.

• Hands-on experience with security assessment tools such as SonarQube, Fortify SAST/DAST, Burp Suite, OWASP ZAP, or similar platforms.

• Strong understanding of OWASP Top 10, secure coding practices, and application security testing methodologies.

• Experience interpreting and validating vulnerability assessment results and remediation activities.

• Knowledge of secure SDLC practices and CI/CD security integration.

• Familiarity with container technologies such as Docker and Kubernetes.

• Experience working with cloud platforms including AWS, Azure, or Google Cloud Platform (GCP).

• Understanding of common web application vulnerabilities, API security risks, authentication mechanisms, and security controls.

• Knowledge of vulnerability management, risk assessment, and security governance processes.

• Strong documentation, reporting, and stakeholder communication skills.

Preferred Skills

• Experience working in Agile, DevOps, or DevSecOps environments.

• Knowledge of cloud security architecture and container security best practices.

• Familiarity with security automation and Infrastructure as Code (IaC) security controls.

• Experience supporting enterprise-scale application security programs.

• Understanding of regulatory and compliance frameworks such as ISO 27001, PCI-DSS, GDPR, and related standards.

Certifications

• CREST Certified Pen Tester.

• CISSP (Certified Information Systems Security Professional) or CCSP (Certified Cloud Security Professional).

• AWS Certified DevSecOps Engineer – Professional or equivalent cloud security certification is highly desirable.

Application Note

Interested applicants may send their CV directly to [email protected] for consideration.