Outmarket AI

Outmarket is the AI platform for insurance, trusted by more than 250 brokerages to run the work their business depends on. Commercial insurance still runs on dense documents and slow, manual workflows, and that is exactly what we automate: quote comparisons, coverage gap and tower analysis, policy review, and proposal generation, all grounded in our customers’ own data and source-cited so teams can trust the output. The impact is concrete. Teams save 12 to 15 hours per person every week, cut errors by roughly 65 percent, and win more business, all on infrastructure that is SOC 2 Type II certified, single-tenant, and never used to train AI models. We are an AI-first company in both what we build and how we work, shipping quickly and in close partnership with the agencies that rely on us.

Security Engineer

Location

United States

Posted

2 days ago

Salary

0

Seniority

Mid Level

Job Description


Role Description

We are hiring a Security Engineer to own product and application security for a multi-tenant platform handling sensitive insurance data. You will build security into how we ship, across secure SDLC, AppSec, cloud posture, and supply-chain, and lead our response when issues arise.

Qualifications

- 4+ years in security engineering, with strong application security depth.
- Hands-on experience securing cloud-native, multi-tenant systems.
- Working knowledge of OWASP-class risks and how to prevent them in real code.
- Ability to partner with engineers and make security practical, not blocking.

Requirements

- Drive secure SDLC and security-focused code review across the engineering org.
- Own application security: authz, tenant isolation, SSRF and injection prevention, secrets management.
- Strengthen cloud security posture (GCP IAM, egress controls) and supply-chain controls.
- Coordinate penetration testing, threat modeling, and vulnerability management.
- Lead incident response and advance compliance readiness (e.g., SOC 2).

Benefits

- A high-impact role with ownership from day one.
- Competitive compensation and meaningful equity.
- Direct collaboration with founders and real users.
- Remote-first flexibility.
- The opportunity to help build an AI-native product from the ground up.


More Security Engineer Jobs

Full Time | Remote | Team 51-200 | Since 1998

Role Description

The Senior Consultant, Application Security is a senior technical practitioner in IOActive's Application Security practice, with secure code review as the central specialty. The role centers on deep manual code audit work across web and systems languages, paired with application penetration testing, threat modeling, and Secure Development Lifecycle (SDLC) advisory engagements.

- Code review engagements span the full landscape:
  - Source code reviews on production codebases for enterprise web applications, mobile backends, embedded systems, and cryptographic implementations
  - Application penetration testing against web, API, and mobile targets
  - Threat modeling for new product designs
  - SDLC advisory work helping clients integrate security into their development processes
- The Senior Consultant brings particular depth in code review and broad competence across the adjacent work.

Qualifications

- 5+ years in offensive security services, with at least 2–3 years focused on application security and source code review
- Hands-on engagement delivery across multiple AppSec disciplines — code review, application penetration testing, threat modeling, or SDLC consulting
- Deep code review expertise in at least two of:
  - JavaScript / TypeScript (Node.js, modern frontends)
  - Python (Django, Flask, FastAPI)
  - Java (Spring, J2EE)
  - C# / .NET (ASP.NET, Core)
  - C / C++, Rust, GoLang
- Working knowledge of common framework patterns, ORM behavior, authentication and authorization libraries, cryptographic libraries, and the security pitfalls particular to each
- Familiarity with vulnerability classes
- Nice to have:
  - Familiarity with relevant standards and frameworks: OWASP ASVS, NIST SSDF, BSIMM, SAMM

Requirements

- Strong technical credibility and the comfort to operate as the senior voice on engagements
- Excellent written communication — producing actionable reports for developers
- Strong verbal communication, capable of presenting complex concepts to diverse audiences
- Comfort moving between languages and stacks
- Collaborative mindset — close coordination with delivery teams and client developers
- Genuine curiosity about how systems work, and patience for reading code carefully

Benefits

- A chance to work with an industry leader in cyber security
- Access to world-class technical teams and research
- A high-energy, collaborative team that values innovation
- Flexibility—work remotely or from the office as needed
- Opportunities for travel
- Competitive compensation and performance-based incentives
- US base salary range $75,000 - $175,000, depending on experience level, background and location.

United States
$75K - $175K / year
Full Time | Remote | Team 10,001+ | Since 2017 | H1B Sponsor

• Design, develop, and implement automations and workflows to improve security processes within security-oriented platforms and other IT platforms.
• Build and optimize integrations between security tools/platforms.
• Develop dashboards, reports, and technical documentation for stakeholders to track security operations deliverables, trends, and progress on security posture.
• Support incident response and other security operations tasks through automation and orchestration.
• Contribute to continuous improvement initiatives by applying DevOps and agile principles to security engineering tasks.
• Collaborate with global teams to ensure alignment on security engineering, standards, and best practices.

United States
$96.3K - $125K / year

Security Specialist - OT

Stefanini Brasil

Co-creating Solutions for a Better Future

Full Time | Remote | Team 10,001+ | Since 1987 | H1B No Sponsor

• Architecture Assessment: Analyze and review OT solution architectures, ensuring adherence to cybersecurity best practices.
• OT Equipment Security: Perform security assessments on equipment such as IEDs, PLCs, AMIs, and field devices.
• Cyber Controls: Develop and implement security controls in OT environments, aligned with applicable standards and regulations.
• Vulnerability Management: Identify, classify, and manage vulnerabilities, ensuring timely corrective action.
• Monitoring and Tools: Configure and operate IDS, antivirus, and firewall tools specific to OT.
• Analysis and Troubleshooting: Perform packet and OT network analysis, resolving performance and security issues.
• KPIs and OKRs: Define and track performance indicators and cybersecurity objectives.

Brazil

Role Description

Reporting to the Global CTO/CISO, the Head of Security owns the full security program across Ignyte and its operating companies: engineering, operations, governance/risk/compliance, and incident response. You will run day-to-day security operations and detection & response, own and rationalize the security technology stack, lead the GRC and regulatory agenda, drive cyber due diligence and post-close security integration for acquisitions, and own incident response end to end. You will lead a direct team of four and manage key security vendors, partners, and budget.

Key Responsibilities

- Security Engineering & Operations:
  - Own day-to-day security operations: detection & response, EDR/XDR, email security, endpoint management, SIEM/log management, and vulnerability management.
  - Drive measurable gains in detection coverage, mean time to detect/respond, and operational maturity.
  - Manage MDR/MSSP and tooling vendor relationships.
- Cloud & Identity Security:
  - Lead security posture across Microsoft Azure and Microsoft 365 / Entra ID (Microsoft Defender suite, conditional access, identity governance, and privileged access).
  - Operate cloud security posture management and drive remediation to closure.
- M&A Cyber Due Diligence & Integration:
  - Lead pre-acquisition cyber due diligence: external attack surface mapping, gap assessment, etc.
  - Own post-close security integration (onboarding acquired entities onto the common baseline, rationalizing overlapping tooling, and supporting TSA stand-up and exit).
- Incident Response:
  - Own the incident response program (playbooks, tabletop exercises, forensics/vendor coordination, and executive communication during incidents).
- Governance, Risk & Compliance:
  - Own the GRC function: security risk management, the risk register, policy and standards, and control-framework alignment (NIST CSF / CIS Controls).
  - Run the security exception, remediation, and risk-acceptance process and surface residual risk to executive leadership.
- Leadership:
  - Lead, mentor, and grow the security team.
  - Build global relationships within a matrixed organization.
  - Own the security operations budget and roadmap; report posture and risk to the CISO and leadership.

Qualifications

- 10+ years in information security, including 4+ years in security leadership.
- Experience owning aspects of a security program end to end: engineering, operations, GRC, and incident response (not just a single function).
- Deep, hands-on expertise with the CrowdStrike suite of tools, including Falcon (EDR/XDR, threat hunting, response, Spotlight).
- Strong Microsoft Azure and Microsoft 365 / Entra ID security expertise (Defender, conditional access, identity governance).
- Hands-on incident response leadership and modern SecOps practices (detection engineering, vulnerability management).
- Experience in a regulated industry (insurance or financial services), with working knowledge of NYDFS 23 NYCRR 500 or a comparable regime.
- Demonstrable experience with email threat detection and endpoint management, log management/detection (SIEM), and external attack surface management.

Preferred Qualifications

- Previous MSP/MSSP experience highly desired.
- Experience in a highly acquisitive, multi-entity environment.
- Insurance, MGA/MGU, or brokerage industry background.
- Relevant certifications (e.g., CISSP, CCSP, Azure Security Engineer, GIAC).
- Track record standing up or maturing a security program through rapid inorganic growth.
- Demonstrated M&A cyber due diligence and integration experience, assessing and onboarding acquired companies onto a common security baseline.

Benefits

- Competitive benefits offering including medical, dental, vision, and supplemental benefits.
- Company-paid life insurance, long-term and short-term disability policies.
- 14 annual paid holidays and generous PTO plan.
- 401(k) with annual Safe Harbor and profit share contributions.
- Open to remote work environment.

United States