DevSecOps - Application Security Consultant

Senior Application Security (DevSecOps) Consultant

Full-Remote | EST Collaboration Hours | Europe or LATAM Preferred

Are you a developer who moved into security and still loves working close to code? Do you enjoy helping engineering teams ship secure software without slowing them down?

We’re looking for a Senior Application Security (DevSecOps) Consultant to work hands-on with development teams, embedding security throughout the software delivery lifecycle. This is an application-security-first role, ideal for someone who understands how modern applications are built and wants to make them safer through practical, scalable security engineering. If you enjoy collaboration through effective communication and have a “can-do” attitude, we would like to speak with you! 

What You’ll Do

You’ll partner directly with development teams and clients to design, build, and operate secure applications by embedding security into everyday engineering workflows. 

Key responsibilities include:

• Design and implement application security solutions and automation across new and existing codebases
• Lead and facilitate threat modeling for applications and APIs, identifying risks early and guiding remediation
• Perform secure code reviews and architecture reviews, providing actionable, developer-friendly feedback
• Integrate security tooling and controls into CI/CD pipelines and developer workflows
• Evaluate, select, and integrate modern AppSec and DevSecOps tooling, including AI-driven solutions
• Leverage AI-powered and agentic tooling to improve secure development, code analysis, and security automation
• Support multiple client engagements, serving as a trusted application security advisor
• Clearly communicate security risks, tradeoffs, and recommendations to both technical and non-technical stakeholders 

What We’re Looking For

Core Experience

• 5+ years of professional experience in software engineering and/or application security, including ownership of production systems
• Strong proficiency in at least one high-level programming language (e.g., Python, Java, TypeScript, Go), with the ability to read, write, and review production-quality code
• Deep understanding of application security fundamentals, including:
  • Secure coding practices
  • Threat modeling
  • Common application vulnerabilities and attack vectors
  • Vulnerability remediation and risk prioritization 

DevSecOps & Tooling

• Experience integrating security into modern CI/CD pipelines
• Hands-on use of AppSec tooling such as SAST, DAST, dependency scanning, secrets detection, or similar
• Familiarity with cloud platforms (AWS, Azure, or GCP) from an application security perspective 

AI & Modern Security Practices

• Experience evaluating or implementing AI-driven security or engineering tools, including:
  • LLM-powered code analysis or automation
  • Agentic workflows or MCP-based toolchains
• Strong judgment around secure, reliable, and responsible AI usage 

Consulting & Communication

• Ability to translate security findings into clear, practical guidance for engineering teams
• Strong communication skills and comfort working in client-facing environments
• Proven ability to balance security risk with developer experience and delivery velocity