Source Code Review Professional

3 - 4 years
Employee type
Full Time
Services - Consulting
Job Description
  • Perform security assessments of technology systems, application architecture and design from a security standpoint.
  • Assess processes to identify business risks and recommend remedial action based on established security standards or industry-specific best practices.
  • Primary focus on source code analysis and application security, with a risk-based approach to addressing issues and vulnerabilities.
  • Perform security reviews of application architecture, digital security methodologies and deployments, and threat modelling.
  • Understanding and familiarity with common code review methods and standards.
  • Perform comprehensive Dynamic Application Security Testing (DAST).
  • Understand and analyse the applications from a security point of view.
  • Perform analysis of applications based on standard practices and secure development lifecycle.
  • Use static code analysis tools such as Fortify, Checkmarx, SonarQube, etc.
  • Design test case automation with the help of custom scripts.
  • Demonstrate team-oriented interpersonal skills, positive impactful communications, business partnership, and project management skills.
  • Analyse and identify security vulnerabilities in source code using both automated and manual static analysis tools and techniques.
  • Train and assist developers in writing secure software and remediating existing vulnerabilities.
  • Develop and review custom vulnerability descriptions, business impact statements and remediation content.
  • Contribute to development and delivery of secure coding and remediation training.
  • Mentor and assist team members in effectively delivering assessments and enhancing skillsets.
  • Recommend best practices to integrate and automate application security testing in SDLC.

Requirements
  • 3+ years of experience in application security including secure code review, web application penetration testing or threat modelling.
  • 2+ years of experience in secure code review / static application security testing.
  • Detailed understanding of the OWASP Top 10 and CWE Top 25 issues, with a focus on the ability to identify and remediate vulnerabilities in source code.
  • Well versed in programming languages such as Java, C#, PHP, Flutter or Objective-C.
  • Ability to explain the risk and business impact of security vulnerabilities in source code to a variety of audiences.
  • Bachelor’s degree in computer science/engineering.
  • Hands-on experience with open-source and commercial SAST tools such as Checkmarx, Veracode, Fortify and SonarQube.
  • Experience in integrating static application security testing tools into a CI/CD environment.
