Posted Jul 14, 2026

Senior Security Consultant, Application Security

Apply Now

OUR MISSION UNITES US

"Making the world a safer and more secure place."

It’s our mission, plain and simple. It drives everything we do – from research to client work to community involvement. And it unifies our global team into an elite force with integrity, fierce passion, and relentless creativity that doesn’t just “push the envelope” or “think outside the box.” We shred the envelope, crush the box, and we have fun doing it. We are always looking for people who share our mission to join us.

About IOActive:

IOActive, a trusted partner for Global 1000 enterprises, provides research-fueled security services across all industries. Our cutting-edge cybersecurity teams provide highly specialized technical and programmatic services including full-stack penetration testing, program efficacy assessments, and hardware hacking. IOActive brings a unique attacker’s perspective to every engagement to maximize cybersecurity investments and improve the security posture and operational resiliency of our clients. Founded in 1998, IOActive is headquartered in Seattle with global operations, including state of the art hardware hacking labs in Seattle, WA, Madrid, Spain and Cheltenham, UK.

About the Role

The Senior Consultant, Application Security is a senior technical practitioner in IOActive's Application Security practice, with secure code review as the central specialty.[AM1][AM2] The role centers on deep manual code audit work across web and systems languages, paired with application penetration testing, threat modeling, and Secure Development Lifecycle (SDLC) advisory engagements.

Code review engagements at IOActive span the full landscape: source code reviews on production codebases for enterprise web applications, mobile backends, embedded systems, and cryptographic implementations; application penetration testing against web, API, and mobile targets; threat modeling for new product designs; and SDLC advisory work helping clients integrate security into their development processes. The Senior Consultant brings particular depth in code review and broad competence across the adjacent work.

What You'll Do

Engagement Delivery — Code Review (primary, ~50–60%)

Engagement Delivery — Adjacent Application Security Wor

Client Engagement

Practice Contribution and Mentorship

Research and Market Presence

What You'll Bring

Experience and Background

Capabilities

Credentials

What We Offer

🎯A chance to work with an industry leader in cyber security

💡Access to world-class technical teams and research

🏆A high-energy, collaborative team that values innovation

💻Flexibility—work remotely or from the office as needed

✈️Opportunities for travel

💰Competitive compensation and performance-based incentives

If this sounds like your kind of challenge, we’d love to hear from you. Let’s talk!

WhyIOActive:

We have over 25 years of experience that’s established and stable; yet high-growth with the energy, passion and dynamic work environment of a startup. We are renowned for our innovation and thought leadership within our high-profile, cutting edge space.We're one of “the good guys” doing crazy cool stuff to thwart bad guys in a critically important business, social and political arena. Our work is great fun with great importance. Above all else, we value our people and our customers. Relationships matter.

IOActive is an equal opportunity employer that is committed to diversity and inclusion in the workplace. We prohibit discrimination and harassment of any kind based on race, color, sex, religion, sexual orientation, national origin, disability, genetic information, pregnancy, or any other protected characteristic as outlined by federal, state, or local laws.

This policy applies to all employment practices within our organization, including hiring, recruiting, promotion, termination, layoff, recall, leave of absence, compensation, benefits, training, and apprenticeship. makes hiring decisions based solely on qualifications, merit, and business needs at the time.

Originally posted on