Technical Lead - Application Security

CENSUS

📍Remote - United Kingdom

Summary

Join CENSUS, an internationally acclaimed Cybersecurity services provider, as a Technical Lead in Product Security Professional Services. You will leverage your application security expertise to guide clients toward effective cybersecurity strategies and implementations. Responsibilities include creating and reviewing security architectures, conducting threat modeling, and performing security assessments. You will manage a team of security engineers and consultants, working on long-term projects involving various application software domains. This role requires a strong background in application security, leadership skills, and experience with diverse technologies. The position offers the opportunity to work with cutting-edge technologies and contribute to a mission-critical field.

Requirements

  • MSc or BSc in Electrical Engineering, Computer Science, Computer Engineering, Electronics Engineering, or equivalent practical experience
  • 8+ years of experience in an application security-related role. Experience can be in an engineering / development position (e.g., consumer or enterprise), an assessment / consultancy role, an equivalent role in other engineering organizations, or a combination of them
  • Proven experience of 2+ years in a leading application security architecture role

Responsibilities

  • Create, review, and expand security architectures and designs that align with the product’s security requirements
  • Assist in the collection, technical translation, and fine-tuning of security requirements
  • Drive, support, and review threat modelling, attack surface enumeration and attack tree creation activities across a range of application software domains (cloud, mobile, web, robotics, autonomous, and other special software)
  • Research, review, compare, and propose technologies that can satisfy the client’s established requirements and align with their strategies
  • Review product security designs, documenting missing security controls, and driving analysis for security improvements
  • Plan, execute, and supervise end-to-end security posture assessments via source code auditing, functional testing, fuzz testing and other applicable methodologies
  • Verify that the output implementation is aligned with the products’ security architecture, requirements, and threat model
  • Document and present product security risks in both technical and business-oriented language
  • Manage a team of security engineers and consultants to successfully assess and research bleeding-edge technologies and products

Preferred Qualifications

  • In-depth exposure to security concepts, cryptography, and protocols across various Application types (cloud, web, mobile, IoT / Embedded, etc.)
  • Extensive experience, including in a leading role, with producing & reviewing application security architecture
  • Experience with Mobile (iOS & Android), Cloud (GCP, AWS, Azure, etc.) and Web (Frontend & Backend) platforms
  • Experience in reading & comprehending source code, discerning business logic pitfalls, and identifying security flaws in at least one of the following groups of languages: Mobile-relevant, such as Swift, Obj-C, Kotlin, Java, Dart, and JavaScript; or Web- and Cloud-relevant, such as Java, Ruby, Rust, Go, Python, PHP, C#, Lua, and JavaScript
  • Experience with application authentication, authorization, identity, and access management methods, such as OAuth, SSO, JWT, PKI / Certificates, Cloud IAM, and Password-less authentication
  • Experience with application security features and key management systems backed by secure hardware, such as Mobile Biometric authentication, Keystore / Keychain, TPM / vTPM, HSM and SE
  • Experience with applied cryptography and cryptographic protocols, such as E2E protection, authenticated encryption, mTLS, Key Exchange / Agreement, Asymmetric PAKE, OTR, Double Ratchet, Olm/Megolm and SFrame
  • Experience with debugging, instrumenting, and profiling applications & application runtimes / middleware
  • Familiarity with confidential computing, virtualization, enclaves, containers, and attestation technologies
  • Familiarity with application reverse engineering and fuzz testing methods
  • Experience of working with international teams located in other regions and time zones worldwide
  • Excellent leadership, ownership, and problem-solving skills, and willingness to learn/grow
  • Proficiency in English and excellent communication skills
  • Ability to travel
