Senior Security Consultant (Secure Code Review + Web Application Penetration Tes

NetSPI is a proactive security solution provider, offering penetration testing, attack surface management, and breach and attack simulation to help businesses discover, prioritize, and remediate security vulnerabilities.

NetSPI

Employee count: 501-1000

Canada only

*This is a remote position, and candidates must be located in Ontario, CA.

NetSPI is the proactive security solution used to discover, prioritize, and remediate security vulnerabilities of the highest importance, so businesses can protect what matters most. NetSPI secures the most trusted brands on Earth through Penetration Testing as a Service (PTaaS), External Attack Surface Management (EASM), Cyber Asset Attack Surface Management (CAASM), and Breach and Attack Simulation (BAS). Leveraging a unique combination of dedicated security experts, intelligent process, and advanced technology, NetSPI brings a proactive approach to cybersecurity with more clarity, speed, and scale than ever before.  

NetSPI is on an exciting growth journey as we disrupt and improve the proactive security market. We are looking for individuals with a collaborative, innovative, and customer-first mindset to join our team. Learn more about our award-winning workplace culture and get to know our A-Team at www.netspi.com/careers.  

NetSPI is seeking a Senior Security Consultant who will serve as a resource for delivery of secure code review and web application penetration assessments.  This position requires an understanding of various web technologies, enterprise secure development and risk management. In addition, it requires experience with application security assessments/testing, as well as demonstrated competencies in problem solving, client service, written/verbal communication, and project execution.

Responsibilities:

Conduct in-depth penetration testing and secure code review assessments on web applications
Dynamically exploit vulnerabilities found in codebase and correlate insecure coding practices into dynamic application vulnerabilities
Deliver secure code review assessment on programming languages such as Java, C#, Python, C/C++, Perl, PHP
Analyze and identify security vulnerabilities in source code using both automated and manual static analysis tools and techniques
Train and assist developers in writing secure software and remediating existing vulnerabilities
Provide oversight to peers on service lines through QA process
Mentor and assist team members in effectively delivering assessments and enhancing skillsets
Present detailed penetration test findings to clients and assist in remediation planning
Engage in research to develop new penetration testing methods, tools, and innovative exploit techniques
Contribute to the cybersecurity community through tools, presentations, white papers, and blogging
Maintain consistency with other internal requirements related to day-to-day administration tasks (time keeping, status updates to clients, etc.)

Minimum Qualifications:

Minimum of 3-5 years of experience in application security including both secure code review and web application penetration testing
Exceptional familiarity in all Burp Suite functions. Published Burp extensions and ability to create new Burp Suite extensions preferred
Detailed understanding of the OWASP Top 10 and CWE Top 25 issues with focus on ability to identify and remediate vulnerability in source code
Ability to explain risk and business impact of security vulnerabilities to variety of audience
Bachelor’s degree or higher, preferably in Computer Science, Engineering, Mathematics, IT, or a related field; equivalent experience will also be considered.
Willingness to travel up to 25%

Preferred Qualifications:

Ability to provide technical and QA oversight on Web Application Penetration Testing and Secure Code Review service lines.
Experience in detecting, analyzing and providing recommendation guidance on security vulnerabilities using SAST and/or manual secure code review in at least two of the following languages: Java, C#, PHP, Python, C/C++
Experience in software development in at least one server-side programming language

We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status or any other characteristic protected by law.  

Apply now

Please let NetSPI know you found this job on Himalayas. This helps us grow!

Apply now

About the job

Apply before

Sep 25, 2025

Posted on

Jul 27, 2025

Job type

Full Time

Experience level

Senior

Location requirements

Canada

Hiring timezones

Canada +/- 0 hours

About NetSPI

Learn more about NetSPI and their company culture.

View company profile

At NetSPI, we are at the forefront of cybersecurity innovation, dedicated to revolutionizing how organizations approach proactive security. Through groundbreaking technology and human ingenuity, we empower businesses to discover, prioritize, and remediate their most critical security vulnerabilities with unparalleled clarity, speed, and scale. Our comprehensive suite of solutions, including Penetration Testing as a Service (PTaaS), Attack Surface Management (ASM), and Breach and Attack Simulation (BAS), are seamlessly integrated into The NetSPI Platform. This unified platform provides a holistic view of an organization's security posture, enabling security teams to move beyond reactive measures and adopt a truly proactive stance against evolving cyber threats.

NetSPI's commitment to innovation is exemplified by our continuous development of advanced security solutions, such as our AI/ML Penetration Testing and Software as a Service (SaaS) Security Assessment offerings. We leverage the deep expertise of our more than 300 in-house global pentesters, who have conducted over 21,000 engagements and identified millions of vulnerabilities for the world's most prominent organizations. This extensive experience, combined with our intelligent processes and advanced technology, allows us to deliver high-impact results and actionable recommendations tailored to each client's unique business needs. We are constantly pushing the boundaries of AI-driven security, as demonstrated by our LLM Benchmarking and Jailbreaking Services, designed to fortify organizations against sophisticated cyber threats. By fostering a culture of continuous learning and development, exemplified by initiatives like NetSPI University, we ensure our team remains at the cutting edge of cybersecurity, enabling our clients to protect their priorities, enhance their performance, and innovate with confidence in an increasingly complex digital landscape.

Tech stack

Learn about the tools and technologies that NetSPI uses to build, market, and sell its products.

View tech stack

Python

Java

Ruby

Perl

Apache Spark

Apache Flink

Jenkins

PostgreSQL

Font Awesome

Piwik

NetSPI employees can create an account create an account to update this tech stack.

Employee benefits

Learn about the employee benefits and perks provided at NetSPI.

View benefits

Remote Work

NetSPI supports remote work options.

Flexible Time Off

NetSPI offers flexible time off to its employees.

Comprehensive Benefits

NetSPI provides comprehensive benefits to its employees.

Development Opportunities

We encourage and invest in our team to regularly receive training to supplement their skillset — many of our employees also attend and speak at conferences. Lastly, we run NetSPI University, a training program for entry-level cybersecurity talent to develop core pentesting skills.

View NetSPI's employee benefits

Apply now

Please let NetSPI know you found this job on Himalayas. This helps us grow!

Apply now