Product Security Consultant

We are seeking a highly skilled Product Security Consultant to assess design and enhance the security posture of our products and applications. The ideal candidate will work closely with engineering product and DevOps teams to integrate security best practices throughout the product lifecycle. This role requires deep expertise in application security risk management and secure development practices within a remote environment.

Key Responsibilities

Conduct security assessments code reviews and vulnerability testing for applications and products

Identify security risks and recommend remediation strategies

Integrate security practices into the software development lifecycle (SDLC)

Perform threat modeling and risk analysis for new and existing products

Collaborate with development and product teams to implement secure coding practices

Review system architecture to ensure compliance with security standards

Support penetration testing efforts and coordinate with third-party security vendors

Develop and enforce security policies standards and guidelines

Provide security training and awareness to engineering teams

Stay current with emerging threats vulnerabilities and industry best practices

Required Qualifications

Must be currently residing in the United States

Valid U.S. work authorization (citizen permanent resident or authorized work permit holder)

Proven experience in product security application security or cybersecurity consulting

Strong understanding of secure software development practices and OWASP Top 10

Experience with security testing tools (SAST DAST SCA)

Knowledge of cloud security (AWS Azure or Google Cloud)

Experience with threat modeling and risk assessment methodologies

Familiarity with DevSecOps practices and CI/CD security integration

Strong analytical and problem-solving skills

Excellent communication and stakeholder engagement abilities

Preferred Qualifications

Relevant certifications (e.g. CISSP CEH OSCP CSSLP)

Experience with penetration testing and ethical hacking

Knowledge of compliance frameworks (SOC 2 ISO 27001 NIST)

Familiarity with container and Kubernetes security

Experience working in Agile or DevOps environments

Work Environment

Fully remote role with flexible scheduling options

Must be available to work within U.S. business hours

Occasional security incident response or urgent assessments may be required

Compensation & Benefits

Opportunity for long-term engagement or full-time conversion (if applicable)

Professional development and certification support