
Secure Code Review Jobs in California (NOW HIRING)

Senior Application Security Engineer

San Francisco, CA · On-site

$69.25 - $92.50/hr

Senior Security Engineer - Secure Code Review 📍 San Francisco, California 🏢 On-site | Full-Time My client is seeking a Senior Security Engineer to join their Application Security practice. This ...

... Conduct secure code review trainings to developers - Understanding of OWASP, SANS, CWE standards, - Experience with enforcing application security in the SDLC of web applications - Develop ...

Review and refine AI-generated code to ensure compliance with secure coding standards (e.g., OWASP Top 10, secure SDLC practices). * Implement automated guardrails to detect insecure outputs, prompt ...

Perform secure code reviews, validate false positive determinations, coach developers on effective remediation strategies, threat model our products and carry out essential parts of a secure SDLC.

While your primary role is to build secure software in Python and modern web stacks, your expertise ... Perform security code reviews and penetration testing on our web applications and services.

Secure Code Review information

What is secure code review?

Secure code review is the process of systematically examining application source code to identify and remediate security vulnerabilities before software is released. This review can be performed manually or with automated tools, focusing on areas where coding errors could lead to security risks such as injection attacks, data leaks, or authentication flaws. The goal is to ensure that the code adheres to secure coding standards and best practices, ultimately reducing the risk of exploitation by malicious actors.

What are the key skills and qualifications needed to thrive as a Secure Code Reviewer, and why are they important?

To thrive as a Secure Code Reviewer, you need a solid understanding of secure coding practices, programming languages (such as Java, Python, or C++), and common software vulnerabilities, often supported by relevant security certifications like CISSP or CSSLP. Familiarity with automated code analysis tools, static application security testing (SAST) platforms, and bug tracking systems is typically required. Strong analytical thinking, attention to detail, and clear communication skills set outstanding reviewers apart. These abilities are crucial for identifying, explaining, and mitigating security risks in code, ensuring robust application security.

What are some common challenges faced by professionals performing secure code reviews, and how can they be addressed?

Secure code reviewers often encounter challenges such as keeping up with evolving security threats, identifying subtle vulnerabilities in complex codebases, and maintaining effective communication with development teams. To address these, reviewers should stay updated on the latest security trends, use automated tools to assist in identifying potential issues, and foster collaborative relationships with developers to ensure that findings are understood and remediated effectively. Regular training, participating in security communities, and integrating secure code review into the software development lifecycle can also help overcome these challenges.

What is the difference between Secure Code Review vs Static Application Security Testing (SAST)?

| Aspect | Secure Code Review | Static Application Security Testing (SAST) |
| --- | --- | --- |
| Credentials | Knowledge of secure coding, programming languages, security standards | Security testing tools, programming knowledge, security certifications |
| Work Environment | Manual review, developer collaboration, code analysis | Automated scanning, integration with CI/CD pipelines |
| Industry Usage | Development teams, security analysts, code audits | Security teams, QA, DevOps, automated security testing |

Secure Code Review involves manual or semi-automated analysis of source code to identify security flaws, emphasizing developer collaboration. SAST uses automated tools to scan code for vulnerabilities during development, enabling faster detection. Both approaches aim to improve code security but differ in method: one is manual and detailed, the other automated and scalable.

What job categories do people searching Secure Code Review jobs in California look for?

The top searched job categories for Secure Code Review jobs in California are:

[Infographic: Secure Code Review job openings in California as of June 2026; employment types 56% Full Time and 44% Part Time; 100% Remote job distribution.]
Senior Application Security Engineer

Senior Application Security Engineer

AGS

San Francisco, CA • On-site

$69.25 - $92.50/hr

Other

Posted 11 days ago


Job description

Senior Security Engineer – Secure Code Review

📍 San Francisco, California

🏢 On-site | Full-Time



My client is seeking a Senior Security Engineer to join their Application Security practice. This role is ideal for a hands-on AppSec professional with a strong software development background and deep experience performing secure code reviews, analysing CVEs, and working with SAST and SCA tools in real production environments.

Responsibilities

  • Perform secure code reviews across Java and C#/.NET applications
  • Analyse and triage vulnerabilities in open-source libraries and frameworks (CVE analysis)
  • Assess applications against OWASP Top 10 and identify exploitable security issues
  • Provide developers with actionable remediation guidance and architectural recommendations
  • Use AI-assisted code analysis tools to accelerate vulnerability detection and validate findings
  • Support vulnerability management, risk assessments, and compensating controls such as WAF rules
  • Research emerging open-source vulnerabilities and produce mitigation guidance

Must-Have Skills

  • 8+ years in software development, application security, or both
  • Hands-on experience with SAST and/or SCA tools (e.g. Checkmarx, SonarQube, Black Duck)
  • Real-world experience performing CVE analysis and exploitability triage
  • Strong Java proficiency (JDK 8–21, Spring, Maven/Gradle)
  • Ability to review and understand complex codebases written by others
  • Solid understanding of OWASP Top 10 and secure coding principles

Preferred Skills

  • C#/.NET and ASP.NET Core experience
  • DAST tools such as Burp Suite or OWASP ZAP
  • Experience writing or validating WAF rules
  • Secure SDLC, threat modelling, or security champion programmes
  • Consulting or professional services background
  • Cloud application security experience (AWS, Azure, or GCP)
  • Certifications such as CSSLP, GWEB, GPEN, or OSCP