Stott and May

Application Security Consultant

Luxembourg · Contract · Mid-Senior

Job Title: Application Security Consultant

Location: Luxembourg (on-site with some remote work possible)

Contract Type: Freelance

Start Date: Within 1 month

Duration: Long-term

Nationality Requirement: EU citizenship required

Number of Positions: 2


Role Overview

We are looking for two experienced Application Security Consultants to support a high-impact, long-term DevSecOps and Secure Software Development Lifecycle (SDLC) project for a critical client in Luxembourg.

You will work at the intersection of security engineering, software development, and risk management — integrating security practices into CI/CD pipelines, assessing application vulnerabilities, and contributing to the protection of both cloud and on-premise infrastructure.


Key Responsibilities

  • Support DevSecOps projects with tools, scripts, and integration solutions (APIs, web services, etc.)
  • Implement and enforce Secure Software Development Lifecycle (SDLC) practices
  • Conduct static and dynamic application security testing (SAST & DAST)
  • Design and develop Python scripts for automation and integration with platforms
  • Support deployment of vulnerability scanning solutions in cloud and Kubernetes environments
  • Analyse vulnerability data and recommend patching strategies
  • Prepare and deliver reports and risk assessments to technical and senior stakeholders
  • Configure, manage, and maintain vulnerability scanning tools
  • Review system logs and manage issue resolution processes
  • Conduct application penetration tests and security assessments
  • Perform compliance checks against reference OS configurations (Windows, Linux/Unix)
  • Monitor alerts and maintain a technology watch on new vulnerabilities
  • Contribute to architecture design and security requirement definition for projects
  • Actively participate in daily reviews, incident follow-ups, and urgent response actions

Required Skills & Experience

  • Minimum 6 years of relevant experience with a Master's degree, or
  • Minimum 10 years of relevant experience with a Bachelor's degree
  • Strong knowledge of application security, SDLC, DevSecOps, and CI/CD
  • Hands-on experience with SAST, DAST, and penetration testing
  • Proficiency in Python and Java
  • Experience with cloud architectures (AWS, Azure) and Kubernetes
  • Familiarity with vulnerability scanning tools and vulnerability management systems
  • In-depth knowledge of Linux and Windows security


Certifications & Training

  • Relevant security certifications required (e.g. CEH, OSCP, CISSP, CSSLP, GIAC)
  • Proof of at least 2 days (16 hours) of security-related training completed within the last 12 months


Soft Skills

  • Strong communication and reporting abilities
  • Ability to work on multiple confidential tasks in parallel
  • Capacity to operate under pressure, including during high-severity incidents
  • Effective collaboration with cross-functional technical teams


Additional Information

  • This is an exclusive freelance opportunity
  • On-site presence in Luxembourg is required, with some flexibility for remote work
  • EU nationality is a mandatory requirement due to client regulations

Key Skills

Ranked by relevance

security practices python cissp cloud oscp cicd aws ceh
Posted: Aug 04, 2025

Type: Contract

Level: Mid-Senior

Location: Luxembourg

Industries

Government Administration Technology Information Media

Categories

Information Technology
