Senior Application Security Consultant
Posted 1 week ago by EVOLUTION PROJECT CONSULTING LIMITED
Negotiable
Undetermined
Remote
United Kingdom
Summary: The role of Senior Application Security Consultant involves conducting a thorough security review of a web-based application without any remediation or code modifications. The consultant will independently assess application code and configurations, identify vulnerabilities, and produce a detailed security audit report. This position requires a strong background in application security and secure coding practices. The consultant will also need to communicate findings effectively to both technical and non-technical stakeholders.
Key Responsibilities:
- Perform static code analysis and security audit of a web application.
- Identify potential vulnerabilities in logic, data handling, authentication, and access control.
- Assess the application against OWASP Top 10 and other secure coding standards.
- Review third-party dependencies for known issues.
- Produce a professional security report with risk ratings, findings, and recommendations.
Key Skills:
- 4+ years in Application Security, AppSec consulting, or Secure Code Review roles.
- Deep understanding of secure coding practices in web frameworks (e.g., JavaScript, Python, PHP, Node.js).
- Familiarity with tools like Snyk, Checkmarx, Veracode, or Burp Suite (passive scanning).
- Knowledge of OWASP, CWE, and general secure software development principles.
- Strong technical writing and communication skills.
- Preferred certifications: OSCP, CSSLP, GWAPT, CEH, or equivalent.
Salary (Rate): undetermined
City: undetermined
Country: United Kingdom
Working Arrangements: remote
IR35 Status: undetermined
Seniority Level: undetermined
Industry: IT
About the Role
We are seeking a highly experienced Application Security Consultant to conduct a comprehensive security review of a web-based application. This is a non-invasive, review-only assignment — no remediation or code modifications are required. You’ll work independently to assess application code and related configurations, identify any security vulnerabilities, and deliver a detailed, evidence-based security audit report.
Key Responsibilities
- Perform static code analysis and security audit of a web application.
- Identify potential vulnerabilities in logic, data handling, authentication, and access control.
- Assess the application against OWASP Top 10 and other secure coding standards.
- Review third-party dependencies for known issues.
- Produce a professional security report with risk ratings, findings, and recommendations.
Required Skills & Experience
- 4+ years in Application Security, AppSec consulting, or Secure Code Review roles.
- Deep understanding of secure coding practices in web frameworks (e.g., JavaScript, Python, PHP, Node.js).
- Familiarity with tools like Snyk, Checkmarx, Veracode, or Burp Suite (passive scanning).
- Knowledge of OWASP, CWE, and general secure software development principles.
- Strong technical writing and communication skills.
- Preferred certifications: OSCP, CSSLP, GWAPT, CEH, or equivalent.
Deliverables
- One formal written report including:
- Executive summary for non-technical stakeholders.
- Technical breakdown of findings with severity and impact.
- Recommended mitigation guidance (no implementation expected).
Why Join Us?
- Remote flexibility
- No remediation work — fully focused on review and advisory
- A project with high visibility and real-world impact
- Prompt onboarding and structured communication
How to Apply
Message us directly or email dylan@evlpc.com with your CV, availability, and examples of previous audit/reporting work if available.