About the Role
We are seeking a highly experienced Application Security Consultant to conduct a comprehensive security review of a web-based application. This is a non-invasive, review-only assignment — no remediation or code modifications are required.
You’ll work independently to assess application code and related configurations, identify any security vulnerabilities, and deliver a detailed, evidence-based security audit report.
Key Responsibilities
* Perform static code analysis and security audit of a web application.
* Identify potential vulnerabilities in logic, data handling, authentication, and access control.
* Assess the application against OWASP Top 10 and other secure coding standards.
* Review third-party dependencies for known issues.
* Produce a professional security report with risk ratings, findings, and recommendations.
Required Skills & Experience
* 4+ years in Application Security, AppSec consulting, or Secure Code Review roles.
* Deep understanding of secure coding practices in web frameworks (e.g., JavaScript, Python, PHP, Node.js).
* Familiarity with tools like Snyk, Checkmarx, Veracode, or Burp Suite (passive scanning).
* Knowledge of OWASP, CWE, and general secure software development principles.
* Strong technical writing and communication skills.
* Preferred certifications: OSCP, CSSLP, GWAPT, CEH, or equivalent.
Deliverables
* One formal written report including:
* Executive summary for non-technical stakeholders.
* Technical breakdown of findings with severity and impact.
* Recommended mitigation guidance (no implementation expected).
Why Join Us?
* Remote flexibility
* No remediation work — fully focused on review and advisory
* A project with high visibility and real-world impact
* Prompt onboarding and structured communication
How to Apply
Message us directly or email dylan@evlpc.com with your CV, availability, and examples of previous audit/reporting work if available.