Application & Infrastructure Security Consultant

Project description

The Application & Infrastructure Security Consultant is an embedded security partner within Enterprise Solutions (ES) product engineering teams. The role is responsible for continuously assessing and improving the security posture of the ES technology estate - spanning application code, CI/CD pipelines, cloud infrastructure (primarily AWS), multi-tenant platform components, and AI/agentic system integrations.

This is a hands-on, engineering-facing role. The consultant works alongside development teams day to day, identifying vulnerabilities and security risks early in the delivery lifecycle, translating findings into actionable remediation guidance, and directly implementing security improvements through code changes and infrastructure updates where appropriate.

Skills

Must have

Technical Expertise

5+ years of experience in application security, cloud security, or a combined security and software engineering role, with demonstrated ability to assess and remediate security risks across the full technology stack.

Hands-on experience identifying and addressing OWASP Top 10 vulnerabilities and common cloud misconfiguration risks in production systems.

Practical experience assessing AI and agentic system security, including prompt injection, tool-call abuse, and orchestration layer vulnerabilities. Familiarity with OWASP Top 10 for LLMs.

Experience assessing multi-tenant system security, including tenant isolation controls, context confusion vulnerabilities, and shared-resource leakage.

Experience assessing secrets management posture across repositories, CI/CD pipelines, and cloud environments.

Proficiency in at least one programming language (Python, Java, JavaScript/TypeScript, Go, or C#) sufficient to review, modify, and implement code changes.

Working knowledge of AWS security services and core controls including IAM, KMS, VPC, Security Groups, CloudTrail, and GuardDuty.

Solid understanding of CI/CD platforms (e.g. GitHub Actions, Azure DevOps) and pipeline security principles.

Familiarity with infrastructure-as-code tools such as Terraform, CloudFormation, or AWS CDK.

Strong written and verbal communication skills, with the ability to clearly articulate risk, regulatory exposure, and remediation strategies to engineering teams and senior stakeholders.

Proven ability to work collaboratively within and alongside development teams in a fast-moving delivery environment.