Software Security & Privacy Consultant

Who we are

Software Improvement Group (SIG) is a leading provider of software assurance solutions dedicated to improving software quality through advanced source code analysis and strategic advice. Our platform, Sigrid®, combined with expert consultancy, helps organizations manage their software environments effectively.

SIG is committed to accuracy and excellence. We proudly own an ISO 17025 lab certification, ensuring the highest standards in software analysis. Our leadership in AI governance and software quality is demonstrated through the authorship of ISO 5338.

As part of our ambitious growth strategy, we are looking for a Software Security & Privacy Consultant to support our North American Team.

Who we are & How we work

As a SIG consultant focusing on security & privacy, you perform technical assessments and advise clients (from Developers to C-level). You are involved in software quality in general, and your focus is on controlling security and privacy risks in mission-critical systems. Working in the state of the art of this field, you play a central role in analyzing source code, design, and the development process. You work in small teams during mostly short-term projects (mainly at our office in New York / working from home), by working with fellow experts and using special tooling. Next to analyzing source code and design, part of your work is interviewing developers and architects, discussing your results with them in workshops, and coaching them as part of long-term engagements. Apart from this, you help to develop capabilities through R&D activities further.

Where you come in

Typically, your work will consist of:

• In-depth static analysis of code and design. Manual code review strengthened with the best proprietary and third-party tools.
• Technical workshops with (lead) architects and (lead) developers to understand the technological context and discuss and verify your findings.
• Coaching development teams to help them build high-standard security & privacy software.
• Presenting results and providing recommendations to the client (usually PowerPoint).
• Contributing to our methodologies and products with your ideas.
• You will receive rigorous training in the SIG proprietary toolset and methods; we have a team of consultants with the same role you can learn from. We will help you achieve your goals through continuous professional development and regular career progression sessions.

What's in it for you

We offer you a unique opportunity to join us at the forefront of getting software right. At SIG, you can make a difference for the most prominent organizations and for critical software systems that have become important in our lives. If you, too, believe that it is essential to do something about how software is engineered, to get it under control, and to prevent serious incidents, then you can be at the heart of progress at SIG.

We offer a job with great variety, endless learning opportunities, and access to unique knowledge. We have close academic relations, and our education level is high. 85% of our employees have university degrees, and about 30% have a PhD. Our organization structure is flat, providing much room for your initiatives and ideas.

Job Requirements

• Strong expertise in Software Development, with a specialization in Secure Software Development, and a clear vision of typical topics (e.g., OWASP ASVS, static analysis tooling, SecDevOps, threat modeling, privacy by design, and cryptography).
• Analytical and able to simplify complex issues.
• A few years of experience in software engineering or code/design review.
• Strong opinion on software security/privacy and the ability to get this across.
• Preferably, you have evaluated software systems for vulnerabilities (e.g., pentest, code review).
• Great team player to help further grow the security and privacy practice.
• Excellent command of English.
• Willing to travel occasionally to perform on-site analysis.