TRS, Senior Consultant, Application Security

We are looking for Senior Consultants for our Technical Risk Services department.

About mnemonic

mnemonic is the Nordic region’s leading IT and information security company, offering a unique combination of services and solutions. mnemonic currently has more than 200 employees, and we are rapidly growing both in Norway and internationally. For the sixth consecutive year, we are ranked as one of Norway’s and Europe’s best workplaces by Great Place to Work.

We are working side by side some of Europe’s most important organisations in the fight against cyber attacks, and we are actively participating in reputable research programs both in Europe and globally. mnemonic is also a trusted source of threat intelligence information to Europol and other international law enforcement agencies.


About Technical Risk Services (TRS)

Technical Risk Services is a consulting department assisting customers in understanding the technical risks and the vulnerabilities in their IT portfolios.

Among other things, we do penetration and security testing, technical audits, and source code analysis on existing solutions, and establish architecture, processes, and tools to help defend new solutions.


Who are we looking for?

We are looking for experienced candidates who combine technical expertise and academic dedication with business understanding and communication skills. You have worked for a while with security or within related disciplines, and want to develop your professional profile further and become a trusted advisor within the security profession.

Maybe you have already worked with security for a number of years? You can also be a developer who is passionate about creating more secure solutions and building your own testing tools, a sysadmin with experience from complex IT environments, a technical architect who has worked with security in major development projects, or a security analyst that solves "Capture the Flag" competitions as a hobby. Anyways, you understand how technology works, you pick things apart and put them back together afterwards, and work hands-on to solve demanding problems in creative ways.


Tasks and responsibilities

As a Senior Consultant working with Application Security in TRS, you will get the opportunity to work with a wide range of tasks, for example:

  • Perform vulnerability analyses and penetration tests of web applications, API and mobile apps. 
  • Perform code revision and analyse code for zero-days. 
  • Establish processes and create technical tools for secure development and DevSecOps. 
  • Establish processes and create technical tools for security testing and handling vulnerabilities. 
  • Be a part of the development team as a “Security Champion”. 
  • Give advice on security architecture and solution design.
  • Assist in procurement processes and outsourcing.
  • Assist with the establishment of cloud solutions and migration, and establish routines for secure operation.
  • Establish and development internal test and automation tools.


Expectations and qualifications

We are looking for someone that:

  • Has completed higher technical education, preferably within security or related disciplines. 
  • Has minimum three years of experience within development, testing/security testing. 
  • Has relevant certifications from infosec and pentesting. 
  • Enjoys working hands-on with technology, picking things apart to understand how they work.
  • Has experience with security related work within agile development, DevOps/DevSecOps, Cloud, microservices, serverless computing, automation, and relevant technologies. 
  • Works structurally and independently, and takes responsibility for his or her own deliveries.
  • Has knowledge about frameworks related to secure development, like Microsoft SDL and BSIMM.
  • Wants to further develop their security skills and become an expert in his or her field.
  • Has the ability to clearly communicate complex technical information, verbally and in writing.
  • Has good communication skills in English, both verbally and written.
  • Is eligible for security clearance in Norway. 
  • Has consultancy experience.

If you have many of the qualifications we ask for, but feel that our current vacancies are too specific, you are welcome to submit an open application.


Relevant certifications

  • Offensive Security Certified Professional (OSCP)
  • GIAC Web Application Penetration Tester (GWAPT)
  • Certified Cloud Security Professional (CCSP), Certificate of Cloud Security Knowledge (CCSK)
  • General project and method certifications (ITIL, ISTQB, PRINCE2, Scrum, etc).


What we can offer

  • An environment focusing on professional development and continuous learning, training and gaining new certifications.
  • A unique and experienced workplace with more than 180 security specialists working on some of the most challenging and exciting problems within information security.
  • Competitive terms including a collective bonus scheme for all employees.
  • A solid and profitable corporate economy providing resources for development and innovation.
  • For the past six years, mnemonic has been ranked among Norway’s and Europe’s best workplaces by Great Place to Work.


How do I apply?

If you have publications or other works that you think represents your technical skills or ability to communicate in Norwegian or English, please attach or refer to these as well.

Email us at and write “TRS-senior-consultant” in the subject field. Add a text about why you are right for the job, and your CV.


Background check

We use Semac AS for background checks in our recruitment process. It is an advantage if you qualify for a Norwegian security clearance.