Logo for CENSUS

Senior Product Security Consultant - 100% Remote at CENSUS SA

Role overview

Qualifications

  • MSc or BSc in Computer Science, Electrical/Software Engineering, Cybersecurity, or a related technical discipline.
  • 3+ years of experience in product security, software evaluation, or penetration testing.
  • Proven ability to evaluate threat models, security requirements, and mitigation effectiveness.
  • Strong technical writing and documentation skills in English.

Responsibilities

  • Review and validate security documentation (e.g., Security Targets, threat models, trust boundaries, asset inventories).
  • Assess the completeness, accuracy, and risk coverage of various threat models and risk assessment frameworks.
  • Verify security requirement traceability across assets, trust boundaries, and system functions.
  • Conduct architectural and implementation-level reviews of security controls.

About the company

CENSUS logo

CENSUS

Computer Hardware & Networking

CENSUS is an independent, privately funded and internationally acclaimed Cybersecurity services provider. We support the needs of multiple industries, providing IT and OT security services to public and private organizations around the world, including international financial institutions and Fortune 500 companies. Powered by cutting edge research, scientific analysis and real world engineering, CENSUS delivers unparalleled security assessment services for software, devices, infrastructure and organizations. Through assessment services that cover all aspects of product development we enable clients to meet the requirements of planned product releases. Through focused consultancy services we help clients in their cybersecurity maturity journey, improving their cyber resilience and protecting their digital investments. CENSUS is committed to the highest standards of service delivery and operations. We are an ISO 27001, ISO 9001 and CREST certified company, while our engineering team holds Offensive Security, CREST, GCIH, CEH, ISACA Cobit5 and ISO 27001 & 9001 auditor certifications. We constantly strive for technical excellence in our work and high quality deliverables, to best support the complex needs of those that define the Digital Now.

Company details

Company typeSME
IndustryComputer Hardware & Networking
Company size51 - 200

Your match analysis

See how your profile stacks up against this role.

We compared the job requirements to your profile to show where you're strong and where you fall short.

Job description

About CENSUS

CENSUS LABS is a cybersecurity engineering powerhouse specializing in securing products and organizations. Our identity is rooted in professionalism, engineering excellence, a scientific mindset, and hacking demeanor. We are research-driven, enabling us to deliver a diverse range of professional services.

CENSUS is trusted to conduct high-impact product security engagements, helping our clients secure their solutions from design to deployment, using realistic and risk-informed approaches. Our expertise spans end-to-end systems, including Secure Communications, IoT, Medical Devices, Mobile, and Vehicle Computing platforms.

Learn more about CENSUS at census-labs.com.

About the Job

CENSUS’ bespoke cybersecurity services are driven by a talented team of Security Engineers, Consultants, and Researchers whose work goes beyond traditional security assessment. Under the mentorship of our Engineering Managers, our consultants perform technical evaluations of complex systems and deliver insights that drive measurable improvements.

We are seeking a technically strong and detail-oriented Senior Product Security Consultant to join our Cybersecurity Engineering team. The ideal candidate will have extensive experience in product-level security verification, threat model analysis, and product-level testing.

You will be responsible for evaluating the security posture of software and system products by validating architecture, threat models, and security controls. You will participate in structured evaluation projects aligned with industry and regulatory standards such as Common Criteria, ISO/IEC 27002, or equivalent frameworks.

Key Responsibilities

  • Review and validate security documentation (e.g., Security Targets, threat models, trust boundaries, asset inventories).
  • Assess the completeness, accuracy, and risk coverage of various threat models and risk assessment frameworks (STRIDE, LINDDUN, OWASP, TARA, TAL, etc.).
  • Verify security requirement traceability across assets, trust boundaries, and system functions.
  • Conduct architectural and implementation-level reviews of security controls (e.g., encryption, access control, key management).
  • Perform targeted security testing (white-box and black-box) on system APIs, client/mobile apps, backend services, and cloud infrastructure.
  • Validate implementation of cryptographic controls, key lifecycle procedures, and secure communication protocols.
  • Evaluate the use of post-quantum cryptography and hybrid models in secure key management.
  • Analyze secure deployment configurations across containerized platforms (Docker, Kubernetes), CI/CD pipelines, and cloud services.
  • Deliver comprehensive, standards-aligned technical reports based on evaluation findings.
  • Communicate product security risks clearly to both technical and non-technical audiences.

Minimum Qualifications

  • MSc or BSc in Computer Science, Electrical/Software Engineering, Cybersecurity, or a related technical discipline.
  • 3+ years of experience in product security, software evaluation, or penetration testing.
  • Proven ability to evaluate threat models, security requirements, and mitigation effectiveness.
  • Strong technical writing and documentation skills in English.
  • Excellent analytical skills and attention to detail.

Required Skills

  • In-depth understanding of security architecture and common system design patterns (e.g., API gateways, microservices, message queues, service meshes).
  • Hands-on experience performing design-level security reviews and verifying implementation alignment with defined threat models.
  • Familiarity with structured security frameworks such as Common Criteria, FIPS 140, ISO 15408, OWASP ASVS, and MASVS.
  • Practical experience with security testing in diverse product environments (mobile, embedded, web/cloud, API).
  • Knowledge of authentication, authorization, identity, and secrets management technologies (e.g., OAuth2, MFA, PKI, SSO, Cloud IAM, HashiCorp Vault).
  • Proficiency in applied cryptography (e.g., mTLS, E2EE, AEAD, key derivation, key wrapping, remote attestation).
  • Ability to identify security vulnerabilities across platforms (e.g., OWASP Top 10, misconfigurations, transport security gaps).
  • Excellent documentation and communication skills, able to articulate technical risks and findings to diverse audiences.
  • Problem solving skills, analytical thinking, and willingness to learn/grow.

Nice-to-Have Skills

  • Ability to read and analyze source code for logic flaws in one or more language families:
  • Mobile: Swift, Obj-C, Kotlin, Java, Dart, JavaScript
  • Web/Cloud: Java, Python, Go, PHP, Ruby, C#, JavaScript
  • Native/Embedded: C, C++
  • Experience debugging or instrumenting applications across edge, embedded, or cloud platforms.
  • Familiarity with Zero Trust architectures, enclaves, and confidential computing technologies.
  • Exposure to fuzzing, symbolic execution, or static analysis techniques.
  • Experience collaborating with distributed teams across different time zones and cultures.

OUR Values & Core Competencies

Act with Integrity

We uphold the highest ethical standards and take full responsibility in every action β€” whether securing systems, researching vulnerabilities, or collaborating with clients. Trust is the foundation of our impact.

Collaborate with Trust

We bring together diverse perspectives across disciplines and borders, knowing that collective intelligence leads to stronger, more resilient outcomes.

Challenge with Curiosity

We question deeply, explore fearlessly, and pursue knowledge relentlessly to uncover threats, solve root problems, and drive smarter security decisions.

Innovate to Protect

We create with purpose β€” building secure, scalable, and forward-looking solutions that safeguard people, organizations, and the digital future.

Adapt with Precision

We move with speed and discipline β€” learning from failure, refining our approach, and staying focused amid complexity and constant change.

Ready to Make an Impact?

πŸ“© Apply today!

Apply once. Then go straight to the hiring manager.

After you apply, unlock the direct contact details of the people who actually make the call. A quick follow-up makes you 5x more likely to land an interview.

MR

Marcus Rivera

Chief Revenue Officer

m.rivera@company.com
linkedin.com/in/marcusrivera
Unlocked after you apply
Β·

Consultant Related jobs

Other jobs at CENSUS

Premium

Reach out to the hiring manager directly.

Gain access to the contact details of the hiring managers who actually decide, and reach out to network with them directly. That, plus more when you upgrade:

  • Full match report with fit score and gaps
  • Career diagnostics on how recruiters read you
  • Curated company matches and warm intros
  • 48h early access to new roles

Cancel anytime.