Telecom Security Risk Consultant

As a Telecom Security Risk Consultant you will lead endtoend security risk assessments threat modeling and security consulting across mobile network and cloud-native telecom environments. Working directly with operators vendors and critical infrastructure stakeholders you will define scope and methodology assess architectures and protocols validate evidence and translate technical findings into clear prioritized risks and practical remediation roadmaps. Youll also contribute to repeatable delivery through strong documentation client workshops and continuous improvement of our internal playbooks and tooling.

Tasks

Responsibilities

• Lead and deliver deepdive telecom security risk assessments and security consulting for operators vendors and critical infrastructure programs (Security Architecture Reviews RAN & OSS Risk Assessment MOCN Risk Assessment IMS Cloud Risk Assessment 5G Core Risk Assessment).
• Define assessment scope threat model and risk methodology; translate technical findings into clear actionable risk statements and remediation roadmaps.
• Perform architecture and design reviews across 2G/3G/4G/5G IMS EPC/5GC RAN/OpenRAN OSS/BSS interconnect roaming cloud-native telecom platforms (Kubernetes/OpenStack) wireline and other OT and IT infrastructure.
• Assess security controls and compliance alignment (e.g. GSMA 3GPP NIST/ISO principles) including identity key management crypto choices secure boot supply chain and operational security.
• Analyze protocol and interface exposure (SS7 Diameter GTP SIP/IMS SIGTRAN HTTP APIs) and identify abuse cases misconfigurations and systemic weaknesses.
• Evaluate cloud and platform security for telecom workloads (multi-tenancy network segmentation service mesh IAM secrets management CI/CD container hardening).
• Conduct evidence-based testing and validation when required (configuration review log review traffic analysis fuzzing/abuse-case testing) and coordinate with P1 Labs R&D for advanced topics.
• Produce high-quality deliverables: executive summaries technical annexes risk registers reports and presentations; ensure consistency and repeatability across engagements.
• Support pre-sales and customer workshops: clarify requirements estimate effort contribute to proposals and communicate scope and value.
• Mentor team members and contribute to internal knowledge base assessment playbooks and reusable tooling.

Requirements

Requirements qualifications:

• 5 years of experience in telecom security network security or risk assessment/consulting for telecom operators infrastructure providers or security vendors.
• Experience working in consulting and/or client-facing delivery with a strong focus on clear communication and stakeholder management.
• Demonstrated ability to perform security architecture reviews and turn complex technical issues into prioritized business-relevant risks and mitigations.
• Hands-on security knowledge across at least two of the following: protocol security cloud/Kubernetes security Linux hardening IAM/PKI/key management vulnerability research incident response or SOC/monitoring.
• Familiarity with telecom and security standards and guidance (e.g. 3GPP security GSMA FS/NG NIST ISO 27001/27002). Certifications are a plus but not required.
• Experience working with AI-assisted delivery with privacy in mind (e.g. LLM tools) and strong judgment to decide AI applicability and to review validate and challenge AI-generated content; able to ensure accuracy completeness and appropriate confidentiality.
• Comfortable working with technical artifacts: network diagrams HLD/LLD configuration baselines cloud manifests logs PCAPs; able to validate evidence and challenge assumptions.
• Strong written and verbal communication skills; ability to write structured reports and present to both technical and executive stakeholders.
• Ability to work autonomously in a client-facing environment manage priorities and deliver on time across multiple engagements.

Preferred qualifications:

• Strong understanding of mobile network architecture and protocols: RAN core (CS/PS/EPC/5GC) IMS interconnect/roaming SS7/Diameter/GTP/SIP and their security implications.
• Ability to learn new technical domains quickly and adapt to different client environments and priorities.
• Comfortable producing structured documentation and presenting findings to both technical and executive audiences.
• Team mindset: mentoring collaborating across functions and continuously improving internal ways of working.

Benefits

Additional Information

• Headquarters: Paris France.

• Remote Policy: Flexible remote work with periodic meetups for collaboration and team bonding.

• First contact call (10-20min)

• Direct manager call (30min)

• Capability assessment exercice (depending on position)

• C-level & Director call (30 min)