CENSUS is hiring a
Technical Lead - Application Security

Summary

Join CENSUS as a Technical Lead in our Product Security Professional Services team. Provide technical leadership on major projects involving emerging technologies while managing a team of security engineers and consultants. Use your knowledge and experience to steer clients towards efficient strategies, architectures, implementations, and integrations for their cybersecurity goals.

Requirements

• MSc or BSc in Electrical Engineering, Computer Science, Computer Engineering, Electronics Engineering, or equivalent practical experience
• 8+ years of experience in an application security related role
• Proven experience of 2+ years in a leading application security architecture role

Responsibilities

• Create, review, and expand security architectures and designs that align with the product’s security requirements
• Assist in the collection, technical translation, and fine-tuning of security requirements
• Drive, support, and review threat modelling, attack surface enumeration and attack tree creation activities across a range of application software domains
• Research, review, compare, and propose technologies that can satisfy the client’s established requirements, and align with their strategies
• Review product security designs, documenting missing security controls, and driving analysis for security improvements
• Plan, execute, and supervise end-to-end security posture assessments via source code auditing, functional testing, fuzz testing and other applicable methodologies
• Verify if output implementation is aligned with the products’ security architecture, requirements, and threat model
• Document and present product security risks in both technical and business-oriented language

Preferred Qualifications

• In-depth exposure to security concepts, cryptography, and protocols across various Application types (cloud, web, mobile, IoT / Embedded, etc.)
• Experience with Mobile (iOS & Android), Cloud (GCP, AWS, Azure, etc.) and Web (Frontend & Backend) platforms
• Experience in reading & comprehending source code, discerning business logic pitfalls, and identifying security flaws in at least one of the following groups of languages: Mobile-relevant, such as Swift, Obj-C, Kotlin, Java, Dart, and JavaScript. Web- and Cloud-relevant, such as Java, Ruby, Rust, Go, Python, PHP, C#, Lua, and JavaScript
• Experience with application authentication, authorization, identity, and access management methods, such as OAuth, SSO, JWT, PKI / Certificates, Cloud IAM, and Password-less authentication
• Experience with application security features and key management systems backed by secure hardware, such as Mobile Biometric authentication, Keystore / Keychain, TPM / vTPM, HSM and SE
• Experience with applied cryptography and cryptographic protocols, such as E2E protection, authenticated encryption, mTLS, Key Exchange / Agreement, Asymmetric PAKE, OTR, Double Ratchet, Olm/Megolm and SFrame
• Experience with debugging, instrumenting, and profiling applications & application runtimes / middleware
• Familiarity with confidential computing, virtualization, enclaves, containers, and attestation technologies
• Familiarity with application reverse engineering and fuzz testing methods
• Experience of working with international teams located in other regions and time zones worldwide
• Excellent leadership, ownership, problem solving skills, and willingness to learn/grow
• Proficient in English and excellent communication skills

Benefits

*#LI-Remote*