Application Security Consultant, Madrid


Company: UST
Province: Madrid
City: Madrid
Contract Type: Full Time
Description
Application Security Consultant
We are still looking for top talent, and we would be delighted if you joined our team!

In more detail, UST is a multinational company based in North America, certified as a Top Employer, with over 35,000 employees all over the world and a presence in more than 35 countries. We are leaders in digital technology services, and we provide large-scale technology solutions to big companies.

What are we looking for?

We are seeking an experienced Application Security Analyst with 5-7 years of hands-on expertise in securing web, mobile, and API applications across the full software development lifecycle. This role sits at the intersection of application security and DevSecOps, blending offensive security testing with secure SDLC and automation practices.

The ideal candidate will have a strong foundation in penetration testing, code review, and threat modeling, along with experience integrating security into CI/CD pipelines, leveraging tools for SAST, DAST, SCA, and container security. The consultant will bring hands-on expertise in penetration testing, secure code review, and threat modeling, while also guiding the integration of security into CI/CD pipelines and broader DevSecOps workflows.

Key Responsibilities

Application Security Testing

Conduct penetration testing of web, mobile, and API applications.
Validate vulnerabilities through manual testing beyond automated scans.
Identify both technical flaws (injection, auth bypass) and logic issues in workflows.
Apply relevant offensive techniques such as fuzzing, SSRF, deserialization, and business logic abuse.

Shift-Left Security

Support secure SDLC adoption by reviewing designs, user stories, and code for security risks.
Provide security input during design and sprint planning.
Work closely with development teams to integrate security testing into CI/CD pipelines.
Conduct code reviews for critical applications and APIs.

Advisory & Collaboration

Deliver remediation guidance aligned with secure coding practices and frameworks (e.g., OWASP ASVS, MASVS).
Run knowledge-sharing sessions with developers and QA teams.
Contribute to security playbooks and developer-facing guidance.

Reporting & Governance

Produce detailed technical reports with reproduction steps and PoCs.
Deliver executive summaries that connect technical risk to business impact.
Track remediation progress and validate fixes.

Key Requirements

Technical Expertise

Strong background in application and API penetration testing.
Familiarity with modern development stacks (Java, .NET, Node.js, Python, mobile frameworks).
Exposure to code review and static analysis tools (e.g., SonarQube, Semgrep, Checkmarx).
Hands-on experience with tools like Burp Suite Pro, OWASP ZAP, Frida, Postman, and custom scripts.
Understanding of secure design principles and threat modeling.

Experience & Capabilities

5-7 years in cybersecurity with a focus on application security.
Demonstrated experience in both offensive testing and working with developers to fix issues.
Strong ability to bridge technical detail with developer workflows and business risk.
Certifications preferred: OSWE, OSCP, eWPTX, Burp Suite Certified Practitioner, or secure coding credentials.

What You Will Drive:
Application security testing with coverage of both technical and logic flaws.
Early security integration across the SDLC, supporting developers directly.
Clear, actionable guidance that improves remediation and reduces repeat issues.
Stronger application security posture across deployed and in-development products.

What can we offer?

- 23 days of Annual Leave plus the 24th and 31st of December as discretionary days!

- Numerous benefits (Health Care Plan, Internet Connectivity, Life and Accident Insurance).

- Flexible Compensation (Retribución Flexible) Program: meals, kindergarten, transport, online English lessons, Health Care Plan

- Free access to several training platforms

- Professional stability and career plans

- UST also compensates referrals, so you can benefit when you refer professionals.

- The option to pick between 12 or 14 payments per year.

- Real work-life balance measures (flexibility, WFH or remote work policy, compacted hours during summertime)

- UST Club Platform discounts and gym access discounts

If you would like to know more, do not hesitate to apply and we'll get in touch to fill you in on the details. UST is waiting for you!

At UST we are committed to equal opportunities in our selection processes and do not discriminate based on race, gender, disability, age, religion, sexual orientation or nationality. We have a special commitment to Disability Inclusion, so we are interested in hiring people with a disability certificate.

Skills:
penetration testing, endpoint security, advanced persistent threat, governance risk and compliance

Cybersecurity, DevSecOps, OWASP ASVS