The Role
We’re a specialized AppSec team providing advisory, engineering, and fractional security support to development teams. We’re looking for a senior consultant who knows what good looks like and has the expertise to help clients get there. You’ll work across a diverse portfolio of client engagements, helping organizations mature their application security programs or optimize what they’ve already built. Some clients need strategic roadmaps and executive alignment, while others need someone to roll up their sleeves and build alongside their teams. You’ve built an AppSec program before. You understand the gaps that inevitably appear, the organizational friction that slows progress, and the practical approaches that actually get engineering teams moving in the right direction. You can hold your own with a CISO discussing risk posture and business impact, then walk into a sprint planning meeting and earn immediate credibility with developers.
What You’ll Be Doing
- Leading AppSec program assessments to evaluate current state, identify gaps, and help clients prioritize remediation efforts based on risk, resources, and organizational readiness
- Designing pragmatic security workflows, processes, tooling integrations, and developer friendly practices that engineering teams will actually adopt
- Getting hands-on when needed: implementing SAST/SCA/DAST/API tooling, configuring CI/CD security gates, building threat models, and conducting architecture reviews
- Navigating organizational complexity by helping clients work through the messy middle: tool sprawl, low adoption rates, competing priorities, technical debt, and cross-functional alignment challenges
- Delivering polished client work, producing clear assessments, actionable roadmaps, implementation guides, and executive communications that drive decision-making
- Serving as a strategic advisor and hands-on partner, adapting your approach to each client’s culture, maturity, and goals
What We’re Looking For
Required:
- 5+ years in application security, with demonstrated experience building, scaling, or leading an AppSec program
- Proficiency with the implementation, operationalization, and troubleshooting of tools across the AppSec landscape (SAST, DAST, SCA, API Security, secrets management)
- Comfortable operating at the strategic level (program design, roadmaps, risk prioritization) and the tactical level (hands-on implementation, tool configuration, code review)
- Strong working knowledge of Secure Development Lifecycles and experience triaging and remediating technical vulnerabilities identified by web application scanning tools
- Excellent written and verbal communication skills
Nice to have:
- Prior consulting or client-facing experience, scoping engagements, managing expectations and delivering clean work
- Operational DevSecOps experience
- Security certifications (CSSLP, OSCP, GWAPT, or similar)
- Experience with cloud-native security (AWS, Azure, GCP) and container/Kubernetes security