Overview
I build multiple production SaaS applications using Cursor, modern AI-assisted workflows, and cloud-native stacks. I am not looking for someone to implement security controls for me.
I am looking for a senior security consultant who can teach, review, and pressure-test my approach, so I can personally own security decisions across my products long term.
This is an advisor / educator role, not a hands-on engineering role.
⸻
What This Role IS
You will:
• Teach me how to think about application security correctly
• Review my architecture, workflows, and assumptions
• Explain why certain controls matter and where risk actually lives
• Help me build repeatable mental models, checklists, and decision frameworks
• Identify common security mistakes made in AI-assisted development (Cursor, Copilot, etc.)
• Help me design a security-first development discipline I can reuse across apps
⸻
What This Role Is NOT
• ❌ You will NOT write code
• ❌ You will NOT configure servers, IAM, or tools
• ❌ You will NOT “take over” security implementation
• ❌ You will NOT act as a managed security provider
If you are looking for an implementation-heavy role, this is not a fit.
⸻
Scope of Topics (High Priority)
You should be comfortable teaching and reviewing topics such as:
Application & SaaS Security
• Threat modeling for SaaS apps
• Authentication & authorization patterns (RBAC, RLS, tenant isolation)
• API security (tokens, scopes, rotation, abuse prevention)
• Secrets management (local dev, Cursor, CI/CD, prod)
• Secure data modeling (multi-tenant risks, leakage patterns)
AI-Assisted Development Risks
• Security risks unique to Cursor / AI-generated code
• How to review AI-generated code safely
• Preventing silent insecure defaults
• Prompt leakage, credential exposure, local environment risks
Cloud & Ops (Conceptual Level)
• Secure environment separation (local / staging / prod)
• Logging, auditability, and incident readiness
• Secure deployment workflows (conceptual, not setup)
Founder-Level Security Thinking
• What matters at early scale vs later scale
• Where founders over-engineer vs under-secure
• How to balance speed with real risk
• How to spot “security theater”
⸻
Engagement Structure
• Advisory sessions (video or live review)
• Whiteboarding, walkthroughs, and Q&A
• Security reviews of my thinking and architecture, not code delivery
• Ongoing mentorship preferred over one-off audits
⸻
Ideal Background
You are likely a:
• Senior Application Security Engineer
• Product Security Lead
• SaaS Security Architect
• Former security consultant who enjoys teaching founders
You must be able to explain complex security concepts clearly, without fear-mongering or generic checklists.
⸻
How to Apply
Please include:
1. A brief summary of your application security background
2. Experience advising founders or senior engineers
3. One example of how you’ve taught security concepts, not implemented them
4. Your preferred engagement model (hourly / retainer)
⸻
Success Criteria
I should walk away with:
• Clear security mental models
• Practical, founder-owned security discipline
• Confidence in reviewing my own apps
• Fewer blind spots as I scale multiple products