Secure Code Review Jobs (NOW HIRING)

Senior Application Security Engineer

Chicago, IL · On-site

$60.50 - $80.75/hr

Align secure coding governance with established Bank technology standards, including SDLC, secure development expectations, and code review procedures. Ensure teams understand and implement secure-by ...

Senior Consultant - Source Code Review (IP Litigation) responsible for deep-dive firmware, driver ... Work independently in secure "clean room" environments, adhering to all confidentiality and ...

Define and maintain secure development lifecycle practices including secure code review standards, API security patterns, and authentication/authorization frameworks * Develop self-service security ...

... Conduct secure code review trainings to developers - Understanding of OWASP, SANS, CWE standards, - Experience with enforcing application security in the SDLC of web applications - Develop ...

Conduct secure code review trainings to developers * Understanding of OWASP, SANS, CWE standards, * Experience with enforcing application security in the SDLC of web applications * Develop ...

Lead AI AppSec Engineer

New York, NY

$64.25 - $86/hr

Conduct secure code reviews and support vulnerability remediation * Integrate and operate security tooling such as SAST, DAST, and SCA within CI/CD pipelines * Help define guardrails, monitoring, and ...

Secure Code Review information

How much do secure code review jobs pay per hour?

As of May 31, 2026, the average hourly pay for secure code review in the United States is $66.40, according to ZipRecruiter salary data. Most workers in this role earn between $56.49 and $75.48 per hour, depending on experience, location, and employer.

What are the key skills and qualifications needed to thrive as a Secure Code Reviewer, and why are they important?

To thrive as a Secure Code Reviewer, you need a solid understanding of secure coding practices, programming languages (such as Java, Python, or C++), and common software vulnerabilities, often supported by relevant security certifications like CISSP or CSSLP. Familiarity with automated code analysis tools, static application security testing (SAST) platforms, and bug tracking systems is typically required. Strong analytical thinking, attention to detail, and clear communication skills set outstanding reviewers apart. These abilities are crucial for identifying, explaining, and mitigating security risks in code, ensuring robust application security.

What are some common challenges faced by professionals performing secure code reviews, and how can they be addressed?

Secure code reviewers often encounter challenges such as keeping up with evolving security threats, identifying subtle vulnerabilities in complex codebases, and maintaining effective communication with development teams. To address these, reviewers should stay updated on the latest security trends, use automated tools to assist in identifying potential issues, and foster collaborative relationships with developers to ensure that findings are understood and remediated effectively. Regular training, participating in security communities, and integrating secure code review into the software development lifecycle can also help overcome these challenges.

What is secure code review?

Secure code review is the process of systematically examining application source code to identify and remediate security vulnerabilities before software is released. This review can be performed manually or with automated tools, focusing on areas where coding errors could lead to security risks such as injection attacks, data leaks, or authentication flaws. The goal is to ensure that the code adheres to secure coding standards and best practices, ultimately reducing the risk of exploitation by malicious actors.

What is the difference between Secure Code Review and Static Application Security Testing (SAST)?

| Aspect | Secure Code Review | Static Application Security Testing (SAST) |
| --- | --- | --- |
| Credentials | Knowledge of secure coding, programming languages, security standards | Security testing tools, programming knowledge, security certifications |
| Work Environment | Manual review, developer collaboration, code analysis | Automated scanning, integration with CI/CD pipelines |
| Industry Usage | Development teams, security analysts, code audits | Security teams, QA, DevOps, automated security testing |

Secure Code Review involves manual or semi-automated analysis of source code to identify security flaws, emphasizing developer collaboration. SAST uses automated tools to scan code for vulnerabilities during development, enabling faster detection. Both roles aim to improve code security but differ in approach: one is manual and detailed, the other automated and scalable.

More about Secure Code Review jobs
What states have the most Secure Code Review jobs? States with the most job openings for Secure Code Review jobs include:
Infographic showing various Secure Code Review job openings in the United States as of May 2026, with employment types broken down into 87% Full Time and 13% Contract. Highlights a 74% In-person, 13% Hybrid, and 13% Remote job distribution, with an average salary of $138,117 per year, or $66.4 per hour.
Software Developer - Security Code Review


ThreatLocker

Orlando, FL • On-site

Full-time

Posted 5 days ago


ThreatLocker rating

Company rating: 7.0 out of 10

Based on 6 frontline employees who took The Breakroom Quiz

139th of 184 rated software companies


Job description

COMPANY OVERVIEW
ThreatLocker® is a leader in endpoint protection technologies, providing enterprise-level cybersecurity tools to improve the security of servers and endpoints. The ThreatLocker® platform with Application Allowlisting, Ringfencing™, Storage Control, Elevation Control, Endpoint Network Control, Configuration Management, and Operational Alert solutions are leading the cybersecurity market toward a more secure approach of blocking the exploits of application vulnerabilities.
POSITION OVERVIEW
We are looking for a Security-Focused Software Developer to join our onsite team, specializing exclusively in manual and automated code review for security vulnerabilities. In this role, you will not be writing production code but will be deeply involved in reviewing application code to identify security issues, enforce secure coding practices, and ensure compliance with industry security standards.
The role will be based in Orlando, FL and is an in-office position.
KEY RESPONSIBILITIES
  • Perform in-depth security-focused code reviews across various codebases and languages
  • Identify common and advanced security vulnerabilities (e.g., injection, XSS, insecure deserialization, insecure APIs).
  • Work closely with developers to educate and guide them in secure coding practices.
  • Recommend fixes and mitigation strategies, ensuring adherence to security standards (e.g., OWASP Top 10, CWE, NIST).
  • Collaborate with security engineers, architects, and DevSecOps teams to enhance code security posture.
  • Maintain documentation of findings and track remediation status.
  • Utilize static and dynamic analysis tools to supplement manual reviews.
  • Participate in security audits, threat modeling, and secure code training sessions.

REQUIRED QUALIFICATIONS
  • Bachelor's degree in Computer Science, Cybersecurity, or a related field (or equivalent experience).
  • 5+ years of experience in software development with at least 2 years in secure code review or application security.
  • Strong understanding of secure software development lifecycle (SSDLC).
  • Experience identifying and remediating vulnerabilities in code written in one or more languages (e.g., C/C++, C#, Swift, Java, JavaScript, Python).
  • Familiarity with security tools such as SonarQube, Fortify, Checkmarx, Veracode, or similar.
  • Knowledge of OWASP Top 10, CWE/SANS 25, and CVSS scoring.
  • Strong analytical, communication, and documentation skills.

PREFERRED QUALIFICATIONS
  • Security certifications such as OSCP, CSSLP, CEH, or GWAPT.
  • Experience in regulated environments (e.g., finance, healthcare, defense).
  • Familiarity with threat modeling, penetration testing, or red/blue team operations.

WORKING CONDITIONS
The duties described below are representative of those encountered while performing the essential functions of this position. If necessary, reasonable accommodation may be requested and will be evaluated for its relationship to the essential functions that must be performed.
  • Job will generally be performed in an office environment but may require travel to visit company offices and/or property locations.
  • While performing the duties of this job, the employee is occasionally required to stand, walk, sit, reach with hands and arms, climb or balance, stoop or kneel, talk and hear, and use fingers and hands to feel objects and tools.
  • Must occasionally lift and/or move up to 25 pounds.
  • Specific vision abilities required include close vision, distance vision, depth perception, and the ability to adjust focus.

A background check and drug/substance screening are required after a conditional offer. Employment will proceed only upon receiving clear results from both.
ThreatLocker also conducts randomized drug and substance testing approximately every 60 days, in line with the same screening standards.