Senior Product Security Consultant

@ CENSUS

About CENSUS

CENSUS LABS is a cybersecurity engineering powerhouse specializing in securing products and organizations. Rooted in professionalism, engineering excellence, and a scientific mindset, CENSUS delivers diverse professional services through research-driven methodologies.

Role Overview

The Senior Product Security Consultant role at CENSUS involves evaluating product security, analyzing threat models, and performing product-level testing across various systems including Secure Communications, IoT, Medical Devices, Mobile, and Vehicle Computing platforms. You will work under the mentorship of Engineering Managers to conduct technical evaluations and deliver insights that drive measurable improvements.

Key Responsibilities

• Review and validate security documentation such as Security Targets, threat models, and asset inventories.
• Assess risk coverage using frameworks like STRIDE, LINDDUN, OWASP, and TAL.
• Verify security requirement traceability and conduct architectural reviews of security controls.
• Perform targeted security testing (white-box and black-box) on APIs, mobile apps, and backend services.
• Evaluate cryptographic controls, secure communication protocols, and key management practices.
• Analyze secure deployment configurations across containerized platforms, CI/CD pipelines, and cloud services.
• Deliver comprehensive standards-aligned technical reports and communicate product security risks clearly.

Minimum Qualifications

MSc or BSc in Computer Science, Electrical/Software Engineering, Cybersecurity, or a related field; 5+ years in product security; proven expertise in threat model evaluation and security testing; strong technical writing and analytical skills.

Required Skills

• Deep understanding of security architecture and system design patterns.
• Experience in design-level security reviews and alignment with threat models.
• Familiarity with frameworks such as Common Criteria, FIPS 140, ISO 15408, and OWASP ASVS.
• Hands-on security testing in mobile, embedded, web/cloud, and API environments.
• Knowledge in authentication, authorization, identity, and secrets management technologies.
• Proficiency in applied cryptography and secure communication protocols.
• Ability to identify vulnerabilities and communicate findings to diverse audiences.

Nice-to-Have Skills

• Experience with multiple programming languages for secure code analysis.
• Background in debugging applications across edge, embedded, or cloud platforms.
• Familiarity with Zero Trust architectures and confidential computing technologies.
• Exposure to fuzzing, symbolic execution, or static analysis techniques.
• Experience collaborating with distributed teams across different time zones.

Key skills/competency

• Cybersecurity
• Product Security
• Threat Modeling
• Security Testing
• Risk Assessment
• Cryptography
• Documentation
• API Security
• Cloud Security
• Technical Analysis