Senior Security Engineer โ Secure Code Review
๐ San Francisco, California
๐ข On-site | Full-Time
My client is seeking a Senior Security Engineer to join their Application Security practice. This role is ideal for a hands-on AppSec professional with a strong software development background and deep experience performing secure code reviews, analysing CVEs, and working with SAST and SCA tools in real production environments
.
Responsibiliti
- esPerform secure code reviews across Java and C#/.NET applicatio
- nsAnalyse and triage vulnerabilities in open-source libraries and frameworks (CVE analysi
- s)Assess applications against OWASP Top 10 and identify exploitable security issu
- esProvide developers with actionable remediation guidance and architectural recommendatio
- nsUse AI-assisted code analysis tools to accelerate vulnerability detection and validate findin
- gsSupport vulnerability management, risk assessments, and compensating controls such as WAF rul
- esResearch emerging open-source vulnerabilities and produce mitigation guidan
ce
Must-Have Ski
- lls8+ years in software development, application security, or b
- othHands-on experience with SAST and/or SCA tools (e.g. Checkmarx, SonarQube, Black Du
- ck)Real-world experience performing CVE analysis and exploitability tri
- ageStrong Java proficiency (JDK 8โ21, Spring, Maven/Grad
- le)Ability to review and understand complex codebases written by oth
- ersSolid understanding of OWASP Top 10 and secure coding princip
les
Preferred Sk
- illsC#/.NET and ASP.NET Core experi
- enceDAST tools such as Burp Suite or OWASP
- ZAPExperience writing or validating WAF r
- ulesSecure SDLC, threat modelling, or security champion progra
- mmesConsulting or professional services backgr
- oundCloud application security experience (AWS, Azure, or
- GCP)Certifications such as CSSLP, GWEB, GPEN, or
OSCP