Software Developer – Security Code Review

About The Position

Requirements

• Bachelor’s degree in Computer Science, Cybersecurity, or a related field (or equivalent experience).
• 5+ years of experience in software development with at least 2 years in secure code review or application security.
• Strong understanding of secure software development lifecycle (SSDLC).
• Experience identifying and remediating vulnerabilities in code written in one or more languages (e.g., C/C++, C#, Swift, Java, JavaScript, Python).
• Familiarity with security tools such as SonarQube, Fortify, Checkmarx, Veracode, or similar.
• Knowledge of OWASP Top 10, CWE/SANS 25, and CVSS scoring.
• Strong analytical, communication, and documentation skills.

Nice To Haves

• Security certifications such as OSCP, CSSLP, CEH, or GWAPT.
• Experience in regulated environments (e.g., finance, healthcare, defense).
• Familiarity with threat modeling, penetration testing, or red/blue team operations.

Responsibilities

• Perform in-depth security-focused code reviews across various codebases and languages
• Identify common and advanced security vulnerabilities (e.g., injection, XSS, insecure deserialization, insecure APIs).
• Work closely with developers to educate and guide them in secure coding practices.
• Recommend fixes and mitigation strategies, ensuring adherence to security standards (e.g., OWASP Top 10, CWE, NIST).
• Collaborate with security engineers, architects, and DevSecOps teams to enhance code security posture.
• Maintain documentation of findings and track remediation status.
• Utilize static and dynamic analysis tools to supplement manual reviews.
• Participate in security audits, threat modeling, and secure code training sessions.