Software Security Analyst

About The Position

Requirements

• Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent experience.
• 5+ years of experience in source code auditing, software development, or application security.
• Strong understanding of secure coding principles, software vulnerabilities, and common attack vectors (e.g., SQL injection, cross-site scripting, buffer overflow).
• Proficiency in multiple programming languages and familiarity with a variety of development frameworks and environments.
• Experience with automated code review tools (e.g., SonarQube, Coverity, Checkmarx, Veracode) and manual code review techniques.
• Excellent analytical and problem-solving skills with a keen eye for detail.
• Strong communication skills, with the ability to explain complex technical concepts to non-technical stakeholders.

Nice To Haves

• Relevant certifications such as Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or Certified Information Systems Security Professional (CISSP) are a plus.

Responsibilities

• Conduct thorough audits of source code to identify vulnerabilities, security weaknesses, and coding inefficiencies.
• Review and analyze code across a variety of programming languages and frameworks, including but not limited to Python, Java, C++, JavaScript, Swift and Kotlin.
• Develop and maintain code auditing standards, processes, and tools to ensure consistent and high-quality reviews.
• Collaborate with development teams to provide feedback and guidance on secure coding practices and remediation strategies.
• Prepare detailed audit reports that outline findings, risks, and recommendations for improving code security and quality.
• Stay up to date with the latest security threats, coding standards, and best practices to continuously improve audit processes.
• Mentor junior auditors and provide guidance on auditing techniques, tools, and best practices.
• Work with cross-functional teams to integrate security practices into the software development lifecycle (SDLC).
• Assist in developing and conducting security training and awareness programs for development teams.

Benefits

• Salary range: $100,000-$140,000
• Free snacks and drinks, and provided lunch on Fridays
• Fully paid medical, dental, and vision insurance (partial coverage for dependents)
• Contributions to 401k funds
• Bi-annual reviews, and annual pay increases
• Health and wellness benefits, including free gym membership
• Quarterly team-building events