
Product Security Consultant
Posted Jun 4

This is a fully remote position, open to applicants in Greece.
• Review and authenticate security documentation, including Security Targets, threat models, trust boundaries, and asset inventories.
• Evaluate the thoroughness, precision, and risk management of various threat models and risk assessment frameworks such as STRIDE, LINDDUN, OWASP, TARA, and TAL.
• Confirm the traceability of security requirements across assets, trust boundaries, and system functionalities.
• Conduct reviews at both architectural and implementation levels of security controls, including encryption, access control, and key management.
• Execute specialized security testing (both white-box and black-box) on system APIs, client/mobile applications, backend services, and cloud infrastructure.
• Validate the implementation of cryptographic controls, key lifecycle management procedures, and secure communication protocols.
• Assess the application of post-quantum cryptography and hybrid models in secure key management practices.
• Analyze secure deployment configurations across container environments such as Docker and Kubernetes, CI/CD pipelines, and cloud services.
• Produce detailed, standards-compliant technical reports based on evaluation outcomes.
• Effectively communicate product security risks to both technical and non-technical audiences.
• MSc or BSc degree in Computer Science, Electrical/Software Engineering, Cybersecurity, or a related technical field.
• Over 3 years of experience in product security, software evaluation, or penetration testing.
• Demonstrated ability to assess threat models, security requirements, and the effectiveness of mitigation strategies.
• Exceptional technical writing and documentation skills in English.
• Strong analytical capabilities and meticulous attention to detail.
• Comprehensive understanding of security architecture and prevalent system design patterns, including API gateways, microservices, message queues, and service meshes.
• Practical experience in conducting design-level security reviews and ensuring implementation aligns with established threat models.
• Familiarity with structured security frameworks such as Common Criteria, FIPS 140, ISO 15408, OWASP ASVS, and MASVS.
• Hands-on experience with security testing across various product environments, including mobile, embedded, web/cloud, and API.
• Knowledge of technologies related to authentication, authorization, identity, and secrets management, such as OAuth2, MFA, PKI, SSO, Cloud IAM, and HashiCorp Vault.
• Proficient in applied cryptography techniques, including mTLS, E2EE, AEAD, key derivation, key wrapping, and remote attestation.
• Ability to detect security vulnerabilities across platforms, addressing issues such as the OWASP Top 10, misconfigurations, and transport security flaws.
• Opportunities for professional development.
• Flexible work arrangements.