Product Security Consultant


CENSUS

51 - 200 employees

🔒 Cybersecurity


CENSUS is a cybersecurity company that provides in-depth security testing and advisory services. They offer a range of services including Tiger Team and Penetration Testing, comprehensive mobile app testing, and Secure Software Development Lifecycle (SDLC) practices. CENSUS engages in cybersecurity engineering to protect digital assets and infrastructures. They also focus on product and organization security, vulnerability research, and provide advisory services for various digital security challenges. CENSUS is actively involved in the cybersecurity community, participating in notable events like the Cybersecurity Financial Services Summit and the Autotech Europe Forum.

📋 Description

• Review and validate security documentation (e.g., Security Targets, threat models, trust boundaries, asset inventories).
• Assess the completeness, accuracy, and risk coverage of various threat models and risk assessment frameworks (STRIDE, LINDDUN, OWASP, TARA, TAL, etc.).
• Verify security requirement traceability across assets, trust boundaries, and system functions.
• Conduct architectural and implementation-level reviews of security controls (e.g., encryption, access control, key management).
• Perform targeted security testing (white-box and black-box) on system APIs, client/mobile apps, backend services, and cloud infrastructure.
• Validate implementation of cryptographic controls, key lifecycle procedures, and secure communication protocols.
• Evaluate the use of post-quantum cryptography and hybrid models in secure key management.
• Analyze secure deployment configurations across containerized platforms (Docker, Kubernetes), CI/CD pipelines, and cloud services.
• Deliver comprehensive, standards-aligned technical reports based on evaluation findings.
• Communicate product security risks clearly to both technical and non-technical audiences.

🎯 Requirements

• MSc or BSc in Computer Science, Electrical/Software Engineering, Cybersecurity, or a related technical discipline.
• 3+ years of experience in product security, software evaluation, or penetration testing.
• Proven ability to evaluate threat models, security requirements, and mitigation effectiveness.
• Strong technical writing and documentation skills in English.
• Excellent analytical skills and attention to detail.
• In-depth understanding of security architecture and common system design patterns (e.g., API gateways, microservices, message queues, service meshes).
• Hands-on experience performing design-level security reviews and verifying implementation alignment with defined threat models.
• Familiarity with structured security frameworks such as Common Criteria, FIPS 140, ISO 15408, OWASP ASVS, and MASVS.
• Practical experience with security testing in diverse product environments (mobile, embedded, web/cloud, API).
• Knowledge of authentication, authorization, identity, and secrets management technologies (e.g., OAuth2, MFA, PKI, SSO, Cloud IAM, HashiCorp Vault).
• Proficiency in applied cryptography (e.g., mTLS, E2EE, AEAD, key derivation, key wrapping, remote attestation).
• Ability to identify security vulnerabilities across platforms (e.g., OWASP Top 10, misconfigurations, transport security gaps).

🏖️ Benefits

• Professional development opportunities
• Flexible work arrangements
