Security · Part-time

Application Security Consultant

Remote

Independent security assessments for complex web platforms — white-box code reviews, API penetration testing, and cloud security evaluations. Project-based, direct client collaboration.

We’re looking for an Application Security Consultant to work project-based alongside our engineering teams and directly with clients. You’ll conduct independent security assessments — white-box code reviews, penetration testing, and cloud security evaluations — for complex web platforms in regulated industries.

This is a senior, autonomous role. You’ll work directly with client stakeholders and engineering leads, not through a PM layer. Projects typically involve SPA + REST API + relational database architectures handling financial or regulated data.

What you’ll do

  • Conduct white-box application security audits with a focus on source code review
  • Perform targeted penetration testing of APIs and authentication flows
  • Assess access control, IDOR risks, and business logic vulnerabilities
  • Evaluate secure handling of financial and personal data
  • Review cloud and infrastructure security posture (Azure preferred)
  • Deliver structured, risk-prioritised reports to technical and non-technical stakeholders
  • Present findings and remediation guidance to engineering teams
  • Support follow-up validation after fixes are implemented

Who this is for

Security professionals who prefer deep, autonomous project work over a full-time employed role. You’ll have direct client access, a clear scope, and the space to do the work properly — no committee sign-offs, no watered-down findings.

What we're looking for

  • 3+ years in application security or security architecture
  • Experience auditing SPA + REST API + relational database architectures
  • Strong OWASP Top 10 and API security knowledge
  • Token-based authentication and OAuth flow experience
  • Ability to trace request lifecycle and identify logic flaws independently
  • Experience with systems processing sensitive financial or regulated data
  • Strong written and spoken English — all reports and client reviews are in English

Nice to have

  • Fintech or trading systems experience
  • Laravel, Vue.js, or similar stack familiarity
  • Azure security knowledge
  • Compliance documentation experience (SOC 2 / ISO 27001)
  • Security certifications (CISSP, OSCP, CEH)

What you'll get

  • Direct client access — findings and recommendations go straight to technical decision-makers
  • Project-based engagements with clear scope — no open-ended retainers
  • Senior-only environment — every peer has 5+ years and a track record we've vetted
  • Fully remote, flexible schedule, B2B contractor model

Don't see the right role?

We occasionally hire for roles we haven't posted yet. Send your background to career@insoftex.com and we'll keep it on file.
