Home › Companies › IOActive, Inc. › Senior Security Consultant, Application Security
Senior Security Consultant, Application Security
IOActive, Inc. · Canada · Remote · Active · $75,000–$175,000 / year · Rippling ATS
Job facts
| Field | Value |
|---|---|
| Company | IOActive, Inc. |
| Title | Senior Security Consultant, Application Security |
| Normalized title | - |
| Department / team | Service Delivery |
| Location | Canada |
| Work model | Remote / Remote |
| Employment type | Full Time |
| Salary | $75,000–$175,000 / year |
| Status | active |
| ATS provider | Rippling ATS |
| Posted / first seen | 2026-06-19 / 2026-06-20 |
| Changed / last seen | 2026-06-20 / 2026-06-20 |
Related slices
| Page | What it contains | Open |
|---|---|---|
| Company jobs | Active postings from IOActive, Inc.. | Open |
| Company breakdowns | Role, location, ATS, and work model facets for this company. | Open |
| ATS provider jobs | Active postings observed through Rippling ATS. | Open |
| Provider filtered search | The same provider as a filtered job collection. | Open |
| Department jobs | Active postings in Service Delivery. | Open |
| Work model jobs | Active Remote postings. | Open |
| Lifecycle events | Open, update, close, and reopen events for this posting. | Open |
| Original posting | Canonical source or apply URL captured from the ATS. | Open |
Linked records
| Company | IOActive, Inc. |
| Source | 26ce68a8-7700-4ef9-8b14-c1ceee379c88 |
| ATS provider | Rippling ATS |
Description
company
OUR MISSION UNITES US
"Making the world a safer and more secure place. "
It’s our mission, plain and simple. It drives everything we do – from research to client work to community involvement. And it unifies our global team into an elite force with integrity, fierce passion, and relentless creativity that doesn’t just “push the envelope” or “think outside the box.” We shred the envelope, crush the box, and we have fun doing it. We are always looking for people who share our mission to join us.
About IOActive:
IOActive, a trusted partner for Global 1000 enterprises, provides research-fueled security services across all industries. Our cutting-edge cybersecurity teams provide highly specialized technical and programmatic services including full-stack penetration testing, program efficacy assessments, and hardware hacking. IOActive brings a unique attacker’s perspective to every engagement to maximize cybersecurity investments and improve the security posture and operational resiliency of our clients. Founded in 1998, IOActive is headquartered in Seattle with global operations, including state of the art hardware hacking labs in Seattle, WA, Madrid, Spain and Cheltenham, UK.
role
About the Role
The Senior Consultant, Application Security is a senior technical practitioner in IOActive's Application Security practice, with secure code review as the central specialty. [AM1] [AM2] The role centers on deep manual code audit work across web and systems languages, paired with application penetration testing, threat modeling, and Secure Development Lifecycle (SDLC) advisory engagements.
Code review engagements at IOActive span the full landscape: source code reviews on production codebases for enterprise web applications, mobile backends, embedded systems, and cryptographic implementations; application penetration testing against web, API, and mobile targets; threat modeling for new product designs; and SDLC advisory work helping clients integrate security into their development processes. The Senior Consultant brings particular depth in code review and broad competence across the adjacent work.
What You'll Do
Engagement Delivery — Code Review (primary, ~50–60%)
Lead manual source code reviews on complex production codebases spanning web applications, mobile backends, APIs, and embedded systems Identify vulnerability classes ranging from common (injection, authentication and authorization flaws, SSRF, XSS, deserialization) to nuanced (race conditions, deserialization gadgets, cryptographic implementation flaws, business logic vulnerabilities, architectural weaknesses) Author findings reports that developers can act on: clear remediation guidance, working proof-of-concepts where appropriate, and architectural recommendations beyond the immediate fix Lead client developer workshops to explain findings and patterns, helping teams build security resilience rather than just fixing the listed issues Engagement Delivery — Adjacent Application Security Wor
Application penetration testing across web, API, and mobile targets, particularly where engagements span code review and dynamic testin g Threat modeling on new product designs and existing systems using STRIDE, attack trees, or equivalent frameworks Secure design reviews of architecture, authentication systems, cryptographic implementations, and inter-service communicatio SDLC advisory engagements: helping clients integrate code review, threat modeling, and security testing into their development lifecycle (CI/CD, pull-request workflows, developer training) Client Engagement
Serve as the senior technical voice in engagement status meetings, client workshops, technical deep-dives, and developer training sessions Build trusted technical relationships with client engineering leadership, AppSec teams, and security architects Translate technical findings for two distinct audiences: developers who need to fix the issue, and security leadership who need to understand the business risk and pattern Support pre-sales conversations with technical credibility — scoping calls, capability discussions, and proposal input Practice Contribution and Mentorship
Mentor junior and mid-level consultants in code review methodology, vulnerability research, and client engagement — even without direct reporting authority Contribute to IOActive's code review playbooks, tooling, methodologies, and report templates Identify opportunities to extend IOActive's AppSec capability — new tooling, target stacks, research directions, or service offerings Collaborate with adjacent practices (Red Team, Hardware/Silicon, Advisory) on composite engagements Research and Market Presence
Contribute to IOActive's application security research — vulnerability discovery, novel attack techniques, framework- or platform-specific findings Build personal profile in the application security community: conference talks (Black Hat, DEF CON, OWASP Global, BSides, regional AppSec events), published research, working group participation Represent IOActive in AppSec industry conversations, OSS security efforts, and customer advisory engagements as opportunities arise
What You'll Bring
Experience and Background
5+ years in offensive security services, with at least 2–3 years focused on application security and source code review Hands-on engagement delivery across multiple AppSec disciplines — code review, application penetration testing, threat modeling, or SDLC consulting Deep code review expertise in at least two of: JavaScript / TypeScript (Node.js, modern frontends), Python (Django, Flask, FastAPI), Java (Spring, J2EE), C# / .NET (ASP.NET, Core), C / C++, Rust, GoLang. Working competence in additional languages a strong plus. Working knowledge of common framework patterns, ORM behavior, authentication and authorization libraries, cryptographic libraries, and the security pitfalls particular to each Familiarity with vulnerability classes Nice to have - Familiarity with relevant standards and frameworks: OWASP ASVS, NIST SSDF, BSIMM, SAMM [AM3] [AM4] Capabilities
Strong technical credibility and the comfort to operate as the senior voice on engagements Excellent written communication — you produce reports that developers act on rather than file Strong verbal communication, with the ability to both present as a subject matter expert in technical discussions and deliver complex concepts, results, etc. to a general audience Comfort moving between languages and stacks — specialists who insist on a single technology stack don't fit this role Collaborative mindset — AppSec engagements typically involve close coordination with delivery teams and client developers Genuine curiosity about how systems work, and patience for reading code carefully — code review consultants who succeed at IOActive are the ones who find the work interesting rather than tedious Credentials
Relevant bachelor's degree or equivalent experience Relevant industry certifications strongly preferred: OSCP, OSWE, GWAPT, CSSLP, GWEB, or equivalent application-security focused credentials What We Offer
🎯 A chance to work with an industry leader in cyber security
💡 Access to world-class technical teams and research
🏆 A high-energy, collaborative team that values innovation
💻 Flexibility—work remotely or from the office as needed
✈️ Opportunities for travel
💰 Competitive compensation and performance-based incentives
US base salary range $75,000 - $175,000, depending on experience level, background and location.
If this sounds like your kind of challenge, we’d love to hear from you. Let’s talk!
Why I O Active:
We have over 25 years of experience that’s established and stable; yet high-growth with the energy, passion and dynamic work environment of a startup. We are renowned for our innovation and thought leadership within our high-profile, cutting edge space. We're one of “the good guys” doing crazy cool stuff to thwart bad guys in a critically important business, social and political arena. Our work is great fun with great importance. Above all else, we value our people and our customers. Relationships matter.
IOActive is an equal opportunity employer that is committed to diversity and inclusion in the workplace. We prohibit discrimination and harassment of any kind based on race, color, sex, religion, sexual orientation, national origin, disability, genetic information, pregnancy, or any other protected characteristic as outlined by federal, state, or local laws.
This policy applies to all employment practices within our organization, including hiring, recruiting, promotion, termination, layoff, recall, leave of absence, compensation, benefits, training, and apprenticeship. IOActive makes hiring decisions based solely on qualifications, merit, and business needs at the time.
Full job record
| Job ID | 09cba68af9c30712f48fcf4913e04e07ee64f38a |
| Org ID | 947ab09d-5799-4969-afa0-b9191947a24d |
| Source ID | 26ce68a8-7700-4ef9-8b14-c1ceee379c88 |
| Board ID | 26ce68a8-7700-4ef9-8b14-c1ceee379c88 |
| Provider | rippling |
| Provider Job Key | 9bef6f9d-bb0a-4ac9-8cab-25db0d0e2b15 |
| Title | Senior Security Consultant, Application Security |
| Normalized Title | — |
| Status | active |
| Active | yes |
| Location Text | Canada |
| Department | Service Delivery |
| Team | — |
| Employment Type | full_time |
| Workplace Type | remote |
| Remote Policy | remote |
| Country | Canada |
| Region | — |
| City | — |
| Salary Raw | salary range $75,000 - $175,000, depending on experience level, background and location |
| Salary Min | 75,000 |
| Salary Max | 175,000 |
| Salary Currency | USD |
| Salary Period | year |
| Source URL | https://ats.rippling.com/ioactive-tc/jobs/9bef6f9d-bb0a-4ac9-8cab-25db0d0e2b15 |
| Apply URL | https://ats.rippling.com/ioactive-tc/jobs/9bef6f9d-bb0a-4ac9-8cab-25db0d0e2b15 |
| First Seen At | 2026-06-20 08:57:50Z |
| Last Seen At | 2026-06-20 08:57:50Z |
| Last Checked At | 2026-06-20 08:57:50Z |
| Last Changed At | 2026-06-20 08:57:50Z |
| Inactive At | — |
| Source Posted At | 2026-06-19 23:09:33Z |
| Source Updated At | — |
| Raw Payload Uri | s3://job-postings-prod-raw-590183727216/raw/provider=rippling/board=ioactive-tc/date=2026-06-20/2026-06-20T08-57-48-799Z-d6a58293d5e0e40fcae68d6f986f3bcf2a2fdf01659be3a84f774f8391efcc58.json |
Event Fields
{
"content_hash": "05bc3ced48a6a43f5e2e114f46b64df33ce4e37800c07290680b2671742dd2a8",
"source_hash": "56206490e6db28f2a5efd3e8749bb42c3a675889ef4eeb2bc7ca4a3d6423932e",
"last_changed_at": "2026-06-20T08:57:50.473Z",
"active_status": "active"
}Parsed Structured
{
"dedupe": null,
"language": "en-us",
"location": {
"raw": "Canada",
"city": null,
"region": null,
"country": "Canada",
"is_remote": true,
"confidence": 0.98,
"workplace_type": "remote"
},
"salary_max": 175000,
"salary_min": 75000,
"inferred_at": "2026-06-20T08:57:50.471Z",
"launch_scope": {
"reason": "english_us_canada",
"included": true,
"language": "en-us",
"location": {
"raw": "Canada",
"city": null,
"region": null,
"country": "Canada",
"is_remote": true,
"confidence": 0.98,
"workplace_type": "remote"
},
"countries": [
"Canada"
]
},
"remote_policy": "remote",
"salary_period": "year",
"workplace_type": "remote",
"salary_currency": "USD"
}Extensions
{}Native Structured
{
"list_job": {
"id": "9bef6f9d-bb0a-4ac9-8cab-25db0d0e2b15",
"url": "https://ats.rippling.com/ioactive-tc/jobs/9bef6f9d-bb0a-4ac9-8cab-25db0d0e2b15",
"name": "Senior Security Consultant, Application Security",
"language": "en-US",
"locations": [
{
"city": null,
"name": "Canada",
"state": null,
"country": "Canada",
"stateCode": null,
"countryCode": "CA",
"workplaceType": "REMOTE"
}
],
"department": {
"name": "Service Delivery"
}
},
"detail_job": {
"url": "https://ats.rippling.com/ioactive-tc/jobs/9bef6f9d-bb0a-4ac9-8cab-25db0d0e2b15",
"name": "Senior Security Consultant, Application Security",
"uuid": "9bef6f9d-bb0a-4ac9-8cab-25db0d0e2b15",
"board": {
"logo": {
"url": "https://prod-images.rippling.com/d2f30429107e2af330addb0ea59eb6f6cedbc3f7.jpeg?Expires=1782032270&Signature=W2YsGami2p6zMisRSHJBlgfxfj2VK~yI3vTqOANxTMmTl3LYjNOtUWX0iIkTFwDtuQavIW7JNc7wv-do2FDoisHXlClgQBJ-tLAjWeHMB4JOPyi0Oa7i0E~p5hytwtOqWE-Onn~pBbP0KI8Gs9mg-VCtxbG7KL8a~euXckgc0iz-EdLfzEHKx9BFqcwhhOn-FWEz-9RwCNflc6vtHY2iK8oPRXq8b3M8hcpjDXjSvCqJ9xfeJX87tfRC4H11wviEbrbR6TpRleCoVXmDGkVYKbP5KGi3feGj0i0WLsegKxhkd~RrTr1IaMZLXG2CO8N1I532ztZzqDeGNtfCYkkHyQ__&Key-Pair-Id=K2Y26R2ZPP26PH",
"name": "IOActive-logo jpg.jpg",
"type": "image/jpeg"
},
"slug": "ioactive-tc",
"title": "\"Making the world a safer and more secure place\" ",
"banner": {
"url": null,
"name": "",
"type": ""
},
"boardURL": "https://ats.rippling.com/ioactive-tc/jobs",
"fontType": null,
"subtitle": null,
"boardType": "RIPPLING",
"linkColor": null,
"buttonColor": null,
"legalNotice": null,
"buttonTextColor": null,
"noOpeningsMessage": null,
"groupJobsByLocation": true,
"showBoardLogoOnJobPost": true,
"showCompanyInfoUnderJobPost": false
},
"createdOn": "2026-06-19T16:09:33.394000-07:00",
"department": {
"name": "Service Delivery",
"base_department": "Service Delivery",
"department_tree": [
"Service Delivery"
]
},
"companyName": "IOActive, Inc.",
"description": {
"role": "<meta><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><b><strong style=\"font-size:10pt;white-space:pre-wrap;\">About the Role</strong></b></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"font-size:10pt;white-space:pre-wrap;\"> </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"font-size:10pt;white-space:pre-wrap;\">The Senior Consultant, Application Security is a senior technical practitioner in IOActive's Application Security practice, with secure code review as the central specialty.</span><a href=\"#_msocom_1\" target=\"_blank\" class=\"css-173makr-linkStyle\" style=\"color:rgb(30,74,169);cursor:pointer;\"><span style=\"font-size:10pt;white-space:pre-wrap;\">[AM1]</span></a><span style=\"white-space:pre-wrap;\"> </span><a href=\"#_msocom_2\" target=\"_blank\" class=\"css-173makr-linkStyle\" style=\"color:rgb(30,74,169);cursor:pointer;\"><span style=\"font-size:10pt;white-space:pre-wrap;\">[AM2]</span></a><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:10pt;white-space:pre-wrap;\"> The role centers on deep manual code audit work across web and systems languages, paired with application penetration testing, threat modeling, and Secure Development Lifecycle (SDLC) advisory engagements.</span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"font-size:10pt;white-space:pre-wrap;\"> </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"font-size:10pt;white-space:pre-wrap;\">Code review engagements at IOActive span the full landscape: source code reviews on production codebases for enterprise web applications, mobile backends, embedded systems, and cryptographic implementations; application penetration testing against web, API, and mobile targets; threat modeling for new product designs; and SDLC advisory work helping clients integrate security into their development processes. The Senior Consultant brings particular depth in code review and broad competence across the adjacent work.</span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><br></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:10pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><b><strong style=\"font-size:10pt;white-space:pre-wrap;\">What You'll Do</strong></b></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><b><strong style=\"font-size:10pt;white-space:pre-wrap;\">Engagement Delivery — Code Review (primary, ~50–60%)</strong></b></p><ul data-pattern=\"discCircleSquare\" data-depth=\"1\" style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;margin:8px 0px;line-height:1.6;padding:0px 0px 0px 32px;list-style-type:disc;\"><li style=\"font-size:10pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:10pt;white-space:pre-wrap;\">Lead manual source code reviews on complex production codebases spanning web applications, mobile backends, APIs, and embedded systems</span></li><li style=\"font-size:10pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:10pt;white-space:pre-wrap;\">Identify vulnerability classes ranging from common (injection, authentication and authorization flaws, SSRF, XSS, deserialization) to nuanced (race conditions, deserialization gadgets, cryptographic implementation flaws, business logic vulnerabilities, architectural weaknesses)</span></li><li style=\"font-size:10pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:10pt;white-space:pre-wrap;\">Author findings reports that developers can act on: clear remediation guidance, working proof-of-concepts where appropriate, and architectural recommendations beyond the immediate fix</span></li><li style=\"font-size:10pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:10pt;white-space:pre-wrap;\">Lead client developer workshops to explain findings and patterns, helping teams build security resilience rather than just fixing the listed issues</span></li></ul><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><b><strong style=\"font-size:10pt;white-space:pre-wrap;\"> Engagement Delivery — Adjacent Application Security Wor</strong></b></p><ul data-pattern=\"discCircleSquare\" data-depth=\"1\" style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;margin:8px 0px;line-height:1.6;padding:0px 0px 0px 32px;list-style-type:disc;\"><li style=\"font-size:10pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:10pt;white-space:pre-wrap;\">Application penetration testing across web, API, and mobile targets, particularly where engagements span code review and dynamic testin</span><span style=\"font-size:7pt;white-space:pre-wrap;\">g</span></li><li style=\"font-size:10pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:10pt;white-space:pre-wrap;\">Threat modeling on new product designs and existing systems using STRIDE, attack trees, or equivalent frameworks</span></li><li style=\"font-size:10pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:10pt;white-space:pre-wrap;\">Secure design reviews of architecture, authentication systems, cryptographic implementations, and inter-service communicatio</span></li><li style=\"font-size:10pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:10pt;white-space:pre-wrap;\">SDLC advisory engagements: helping clients integrate code review, threat modeling, and security testing into their development lifecycle (CI/CD, pull-request workflows, developer training)</span></li></ul><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><b><strong style=\"font-size:10pt;white-space:pre-wrap;\">Client Engagement</strong></b></p><ul data-pattern=\"discCircleSquare\" data-depth=\"1\" style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;margin:8px 0px;line-height:1.6;padding:0px 0px 0px 32px;list-style-type:disc;\"><li style=\"font-size:10pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:10pt;white-space:pre-wrap;\">Serve as the senior technical voice in engagement status meetings, client workshops, technical deep-dives, and developer training sessions</span></li><li style=\"font-size:10pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:10pt;white-space:pre-wrap;\">Build trusted technical relationships with client engineering leadership, AppSec teams, and security architects</span></li><li style=\"font-size:10pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:10pt;white-space:pre-wrap;\">Translate technical findings for two distinct audiences: developers who need to fix the issue, and security leadership who need to understand the business risk and pattern</span></li><li style=\"font-size:10pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:10pt;white-space:pre-wrap;\">Support pre-sales conversations with technical credibility — scoping calls, capability discussions, and proposal input</span></li></ul><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><b><strong style=\"font-size:10pt;white-space:pre-wrap;\">Practice Contribution and Mentorship</strong></b></p><ul data-pattern=\"discCircleSquare\" data-depth=\"1\" style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;margin:8px 0px;line-height:1.6;padding:0px 0px 0px 32px;list-style-type:disc;\"><li style=\"font-size:10pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:10pt;white-space:pre-wrap;\">Mentor junior and mid-level consultants in code review methodology, vulnerability research, and client engagement — even without direct reporting authority</span></li><li style=\"font-size:10pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:10pt;white-space:pre-wrap;\">Contribute to IOActive's code review playbooks, tooling, methodologies, and report templates</span></li><li style=\"font-size:10pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:10pt;white-space:pre-wrap;\">Identify opportunities to extend IOActive's AppSec capability — new tooling, target stacks, research directions, or service offerings</span></li><li style=\"font-size:10pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:10pt;white-space:pre-wrap;\">Collaborate with adjacent practices (Red Team, Hardware/Silicon, Advisory) on composite engagements</span></li></ul><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><b><strong style=\"font-size:10pt;white-space:pre-wrap;\">Research and Market Presence</strong></b></p><ul data-pattern=\"discCircleSquare\" data-depth=\"1\" style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;margin:8px 0px;line-height:1.6;padding:0px 0px 0px 32px;list-style-type:disc;\"><li style=\"font-size:10pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:10pt;white-space:pre-wrap;\">Contribute to IOActive's application security research — vulnerability discovery, novel attack techniques, framework- or platform-specific findings</span></li><li style=\"font-size:10pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:10pt;white-space:pre-wrap;\">Build personal profile in the application security community: conference talks (Black Hat, DEF CON, OWASP Global, BSides, regional AppSec events), published research, working group participation</span></li><li style=\"font-size:10pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:10pt;white-space:pre-wrap;\">Represent IOActive in AppSec industry conversations, OSS security efforts, and customer advisory engagements as opportunities arise</span></li></ul><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><br></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:10pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><b><strong style=\"font-size:10pt;white-space:pre-wrap;\">What You'll Bring</strong></b></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><b><strong style=\"font-size:10pt;white-space:pre-wrap;\">Experience and Background</strong></b></p><ul data-pattern=\"discCircleSquare\" data-depth=\"1\" style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;margin:8px 0px;line-height:1.6;padding:0px 0px 0px 32px;list-style-type:disc;\"><li style=\"font-size:10pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:10pt;white-space:pre-wrap;\">5+ years in offensive security services, with at least 2–3 years focused on application security and source code review</span></li><li style=\"font-size:10pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:10pt;white-space:pre-wrap;\">Hands-on engagement delivery across multiple AppSec disciplines — code review, application penetration testing, threat modeling, or SDLC consulting</span></li><li style=\"font-size:10pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:10pt;white-space:pre-wrap;\">Deep code review expertise in at least two of: JavaScript / TypeScript (Node.js, modern frontends), Python (Django, Flask, FastAPI), Java (Spring, J2EE), C# / .NET (ASP.NET, Core), C / C++, Rust, GoLang. Working competence in additional languages a strong plus.</span></li><li style=\"font-size:10pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:10pt;white-space:pre-wrap;\">Working knowledge of common framework patterns, ORM behavior, authentication and authorization libraries, cryptographic libraries, and the security pitfalls particular to each</span></li><li style=\"font-size:10pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:10pt;white-space:pre-wrap;\">Familiarity with vulnerability classes</span></li><li style=\"font-size:10pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:10pt;white-space:pre-wrap;\">Nice to have - Familiarity with relevant standards and frameworks: OWASP ASVS, NIST SSDF, BSIMM, SAMM</span><a href=\"#_msocom_3\" target=\"_blank\" class=\"css-173makr-linkStyle\" style=\"color:rgb(30,74,169);cursor:pointer;\"><span style=\"font-size:10pt;white-space:pre-wrap;\">[AM3]</span></a><span style=\"white-space:pre-wrap;\"> </span><a href=\"#_msocom_4\" target=\"_blank\" class=\"css-173makr-linkStyle\" style=\"color:rgb(30,74,169);cursor:pointer;\"><span style=\"font-size:10pt;white-space:pre-wrap;\">[AM4]</span></a><span style=\"white-space:pre-wrap;\"> </span></li></ul><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><b><strong style=\"font-size:10pt;white-space:pre-wrap;\"> Capabilities</strong></b></p><ul data-pattern=\"discCircleSquare\" data-depth=\"1\" style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;margin:8px 0px;line-height:1.6;padding:0px 0px 0px 32px;list-style-type:disc;\"><li style=\"font-size:10pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:10pt;white-space:pre-wrap;\">Strong technical credibility and the comfort to operate as the senior voice on engagements</span></li><li style=\"font-size:10pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:10pt;white-space:pre-wrap;\">Excellent written communication — you produce reports that developers act on rather than file</span></li><li style=\"font-size:10pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:10pt;white-space:pre-wrap;\">Strong verbal communication, with the ability to both present as a subject matter expert in technical discussions and deliver complex concepts, results, etc. to a general audience</span></li><li style=\"font-size:10pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:10pt;white-space:pre-wrap;\">Comfort moving between languages and stacks — specialists who insist on a single technology stack don't fit this role</span></li><li style=\"font-size:10pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:10pt;white-space:pre-wrap;\">Collaborative mindset — AppSec engagements typically involve close coordination with delivery teams and client developers</span></li><li style=\"font-size:10pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:10pt;white-space:pre-wrap;\">Genuine curiosity about how systems work, and patience for reading code carefully — code review consultants who succeed at IOActive are the ones who find the work interesting rather than tedious</span></li></ul><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><b><strong style=\"font-size:10pt;white-space:pre-wrap;\">Credentials</strong></b></p><ul data-pattern=\"discCircleSquare\" data-depth=\"1\" style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;margin:8px 0px;line-height:1.6;padding:0px 0px 0px 32px;list-style-type:disc;\"><li style=\"font-size:10pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:10pt;white-space:pre-wrap;\">Relevant bachelor's degree or equivalent experience</span></li><li style=\"font-size:10pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:10pt;white-space:pre-wrap;\">Relevant industry certifications strongly preferred: OSCP, OSWE, GWAPT, CSSLP, GWEB, or equivalent application-security focused credentials</span></li></ul><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:10pt;font-weight:400;line-height:1.38;letter-spacing:0.25px;margin:0px;padding:0px;text-align:start;\"><b><strong style=\"font-size:10pt;white-space:pre-wrap;\">What We Offer</strong></b><span style=\"font-size:10pt;white-space:pre-wrap;\"> </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.38;letter-spacing:0.25px;margin:0px;padding:0px;text-align:start;\"><span style=\"font-size:10pt;white-space:pre-wrap;\">🎯</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:10pt;white-space:pre-wrap;\">A chance to work with an industry leader in cyber security</span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.38;letter-spacing:0.25px;margin:0px;padding:0px;text-align:start;\"><span style=\"font-size:10pt;white-space:pre-wrap;\">💡</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:10pt;white-space:pre-wrap;\">Access to world-class technical teams and research</span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.38;letter-spacing:0.25px;margin:0px;padding:0px;text-align:start;\"><span style=\"font-size:10pt;white-space:pre-wrap;\">🏆</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:10pt;white-space:pre-wrap;\">A high-energy, collaborative team that values innovation</span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.38;letter-spacing:0.25px;margin:0px;padding:0px;text-align:start;\"><span style=\"font-size:10pt;white-space:pre-wrap;\">💻</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:10pt;white-space:pre-wrap;\">Flexibility—work remotely or from the office as needed</span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.38;letter-spacing:0.25px;margin:0px;padding:0px;text-align:start;\"><span style=\"font-size:10pt;white-space:pre-wrap;\">✈️</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:10pt;white-space:pre-wrap;\">Opportunities for travel</span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.38;letter-spacing:0.25px;margin:0px;padding:0px;text-align:start;\"><span style=\"font-size:10pt;white-space:pre-wrap;\">💰</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:10pt;white-space:pre-wrap;\">Competitive compensation and performance-based incentives</span></p><ul data-pattern=\"discCircleSquare\" data-depth=\"1\" style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;margin:8px 0px;line-height:1.6;padding:0px 0px 0px 32px;list-style-type:disc;\"><li style=\"font-size:10pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;text-align:start;\"><span style=\"font-size:10pt;white-space:pre-wrap;\">US base salary range $75,000 - $175,000, depending on experience level, background and location. </span></li></ul><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.38;letter-spacing:0.25px;margin:0px;padding:0px;text-align:start;\"><span style=\"font-size:10pt;white-space:pre-wrap;\"> </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.38;letter-spacing:0.25px;margin:0px;padding:0px;text-align:start;\"><span style=\"font-size:10pt;white-space:pre-wrap;\">If this sounds like your kind of challenge, we’d love to hear from you. </span><b><strong style=\"white-space:pre-wrap;\">Let’s talk!</strong></b></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.38;letter-spacing:0.25px;margin:0px;padding:0px;text-align:start;\"><br></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.38;letter-spacing:0.25px;margin:0px;padding:0px;text-align:start;\"><b><strong style=\"font-size:11pt;white-space:pre-wrap;\">Why</strong></b><span style=\"white-space:pre-wrap;\"> </span><b><strong style=\"font-size:11pt;white-space:pre-wrap;\">I</strong></b><b><strong style=\"color:rgb(255,0,0);font-size:11pt;white-space:pre-wrap;\">O</strong></b><b><strong style=\"font-size:11pt;white-space:pre-wrap;\">Active:</strong></b></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.38;letter-spacing:0.25px;margin:0pt 0px;padding:0px;text-align:start;\"><br></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:10pt;font-weight:400;line-height:1.38;letter-spacing:0.25px;margin:0pt 0px;padding:0px;text-align:justify;\"><span style=\"font-size:10pt;white-space:pre-wrap;\">We have over 25 years of experience that’s established and stable; yet high-growth with the energy, passion and dynamic work environment of a startup. We are renowned for our innovation and thought leadership within our high-profile, cutting edge space.</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:10pt;white-space:pre-wrap;\">We're one of “the good guys” doing crazy cool stuff to thwart bad guys in a critically important business, social and political arena. Our work is great fun with great importance. Above all else, we value our people and our customers. Relationships matter.</span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.38;letter-spacing:0.25px;margin:0px;padding:0px;text-align:justify;\"><span style=\"font-size:10pt;white-space:pre-wrap;\"> </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:10pt;font-weight:400;line-height:1.38;letter-spacing:0.25px;margin:0in 0px;padding:0px;text-align:justify;\"><i><em style=\"white-space:pre-wrap;\">IOActive is an equal opportunity employer that is committed to diversity and inclusion in the workplace. We prohibit discrimination and harassment of any kind based on race, color, sex, religion, sexual orientation, national origin, disability, genetic information, pregnancy, or any other protected characteristic as outlined by federal, state, or local laws.</em></i></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:10pt;font-weight:400;line-height:1.38;letter-spacing:0.25px;margin:0in 0px;padding:0px;text-align:justify;\"><i><em style=\"white-space:pre-wrap;\"> </em></i></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:10pt;font-weight:400;line-height:1.38;letter-spacing:0.25px;margin:0in 0px;padding:0px;text-align:justify;\"><i><em style=\"white-space:pre-wrap;\">This policy applies to all employment practices within our organization, including hiring, recruiting, promotion, termination, layoff, recall, leave of absence, compensation, benefits, training, and apprenticeship. IOActive makes hiring decisions based solely on qualifications, merit, and business needs at the time.</em></i></p>",
"company": "<meta><h2 style=\"font-family:"Basel Grotesk",Arial,sans-serif;line-height:1.38;font-size:17.5pt;font-weight:600;letter-spacing:0.5px;margin-top:0px;margin-bottom:0px;text-align:start;padding-left:0px;\"><span style=\"font-size:17.5pt;white-space:pre-wrap;\">OUR MISSION UNITES US</span></h2><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:10pt;font-weight:400;line-height:1.38;letter-spacing:0.25px;margin:0px;padding:0px;\"><br></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:10pt;font-weight:400;line-height:1.38;letter-spacing:0.25px;margin:0px;padding:0px;text-align:justify;\"><i><b><strong style=\"font-size:10pt;font-style:italic;white-space:pre-wrap;\">\"Making the world a safer and more secure place.</strong></b></i><span style=\"font-size:10pt;white-space:pre-wrap;\">\"</span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:10pt;font-weight:400;line-height:1.38;letter-spacing:0.25px;margin:0px;padding:0px;text-align:justify;\"><br></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:10pt;font-weight:400;line-height:1.38;letter-spacing:0.25px;margin:0px;padding:0px;text-align:justify;\"><span style=\"font-size:10pt;white-space:pre-wrap;\">It’s our mission, plain and simple. It drives everything we do – from research to client work to community involvement. And it unifies our global team into an elite force with integrity, fierce passion, and relentless creativity that doesn’t just “push the envelope” or “think outside the box.” We shred the envelope, crush the box, and we have fun doing it. We are always looking for people who share our mission to join us.</span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:10pt;font-weight:400;line-height:1.38;letter-spacing:0.25px;margin:0px;padding:0px;text-align:justify;\"><br></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:10pt;font-weight:400;line-height:1.38;letter-spacing:0.25px;margin:0px 0px 1.5em;padding:0px;text-align:justify;\"><b><strong style=\"font-size:10pt;white-space:pre-wrap;\">About IOActive:</strong></b></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:10pt;font-weight:400;line-height:1.38;letter-spacing:0.25px;margin:0px 0px 1.5em;padding:0px;text-align:justify;\"><span style=\"font-size:10pt;white-space:pre-wrap;\">IOActive, a trusted partner for Global 1000 enterprises, provides research-fueled security services across all industries. Our cutting-edge cybersecurity teams provide highly specialized technical and programmatic services including full-stack penetration testing, program efficacy assessments, and hardware hacking. IOActive brings a unique attacker’s perspective to every engagement to maximize cybersecurity investments and improve the security posture and operational resiliency of our clients. Founded in 1998, IOActive is headquartered in Seattle with global operations, including state of the art hardware hacking labs in Seattle, WA, Madrid, Spain and Cheltenham, UK.</span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:10pt;font-weight:400;line-height:1.38;letter-spacing:0.25px;margin:0px 0px 1.5em;padding:0px;text-align:justify;\"><br></p>"
},
"workLocations": [
"Remote (United States)",
"United Kingdom",
"Canada",
"Spain",
"Brazil"
],
"employmentType": {
"id": "Salaried, full-time",
"label": "SALARIED_FT"
},
"payRangeDetails": [],
"activeJobApplication": {
"basicQuestions": [
{
"oid": "first_name",
"title": "First name",
"required": true,
"fieldType": "SHORT_ANSWER"
},
{
"oid": "last_name",
"title": "Last name",
"required": true,
"fieldType": "SHORT_ANSWER"
},
{
"oid": "email",
"title": "Email",
"required": true,
"fieldType": "SHORT_ANSWER"
},
{
"oid": "pronouns",
"title": "Pronouns",
"required": false,
"fieldType": "PRONOUN"
},
{
"oid": "current_company",
"title": "Current company",
"required": false,
"fieldType": "SHORT_ANSWER"
},
{
"oid": "phone_number",
"title": "Phone number",
"required": true,
"fieldType": "PHONE_NUMBER"
},
{
"oid": "location",
"title": "Location (city only)",
"required": true,
"fieldType": "SHORT_ANSWER"
},
{
"oid": "resume",
"title": "Resume",
"required": true,
"fieldType": "FILE"
},
{
"oid": "cover_letter",
"title": "Cover letter",
"required": false,
"fieldType": "FILE"
}
],
"customQuestions": null,
"additionalQuestions": [
{
"id": "6a35cc2dc52b85443425f243",
"form": {
"sections": [],
"questions": [
{
"tags": [],
"title": "What is your permanent country of residence",
"canEdit": false,
"dataType": "Text",
"isPrivate": false,
"uniqueKey": "112c425f-943e-4a5e-9eca-4f8d75a809ef",
"intChoices": [],
"isRequired": true,
"strChoices": [],
"description": "",
"questionType": "SHORT_ANSWER",
"allowComments": false,
"isOtherEnabled": false,
"isMultiSelectEnabled": false
},
{
"tags": [],
"title": "What country (or countries) are you legally authorized for work? ",
"canEdit": false,
"dataType": "Text",
"isPrivate": false,
"uniqueKey": "cfa8b569-3ec7-412d-a3bb-9d3ce4b24ceb",
"intChoices": [],
"isRequired": true,
"strChoices": [],
"questionType": "SHORT_ANSWER",
"allowComments": false,
"isOtherEnabled": false,
"isMultiSelectEnabled": false
}
],
"skipLogic": [],
"deletedSections": [],
"deletedQuestions": []
},
"name": "Country where authorized"
},
{
"id": "6a35cc2dc52b85443425f244",
"form": {
"sections": [],
"questions": [
{
"tags": [],
"title": "What are your total compensation expectations?",
"canEdit": false,
"dataType": "Text",
"isPrivate": false,
"uniqueKey": "756dd795-2ed9-45d5-b2ac-23b6090e8c59",
"intChoices": [],
"isRequired": true,
"strChoices": [],
"description": "",
"questionType": "SHORT_ANSWER",
"allowComments": false,
"isOtherEnabled": false,
"isMultiSelectEnabled": false
}
],
"skipLogic": [],
"deletedSections": [],
"deletedQuestions": []
},
"name": "Salary Expectations"
}
]
},
"hasAIEvaluationsEnabled": false,
"eeocQuestionnaireEnabled": false,
"applicationConfirmationTemplate": "685441148ebcae8c6861cd78",
"eeocQuestionnaireEnabledForJobPost": false
},
"detail_meta": {
"url": "https://ats.rippling.com/api/v2/board/ioactive-tc/jobs/9bef6f9d-bb0a-4ac9-8cab-25db0d0e2b15",
"http_status": 200,
"content_type": "application/json",
"response_bytes": 32240
},
"detail_errors": []
}Get this page with API
Rendered from the bluedoor Job Postings API. Reproduce it:
GET https://api.bluedoor.sh/job-postings/v1/jobs/09cba68af9c30712f48fcf4913e04e07ee64f38a?include=descriptionJSONGET https://api.bluedoor.sh/job-postings/v1/orgs/947ab09d-5799-4969-afa0-b9191947a24dJSONGET https://api.bluedoor.sh/job-postings/v1/sources/26ce68a8-7700-4ef9-8b14-c1ceee379c88JSONGET https://api.bluedoor.sh/job-postings/v1/jobs/09cba68af9c30712f48fcf4913e04e07ee64f38a/eventsJSON