Secure Code Review Jobs in California (NOW HIRING)

... Conduct secure code review trainings to developers - Understanding of OWASP, SANS, CWE standards - Experience with enforcing application security in the SDLC of web applications - Develop ...

Lead AI AppSec Engineer

Irvine, CA

$63 - $84.25/hr

Conduct secure code reviews and support vulnerability remediation * Integrate and operate security tooling such as SAST, DAST, and SCA within CI/CD pipelines * Help define guardrails, monitoring, and ...

Review and refine AI-generated code to ensure compliance with secure coding standards (e.g., OWASP Top 10, secure SDLC practices). * Implement automated guardrails to detect insecure outputs, prompt ...

Perform secure code reviews, validate false positive determinations, coach developers on effective remediation strategies, threat model our products and carry out essential parts of a secure SDLC.

Prescribe and evaluate secure coding standards as a component of SPDF and SDLC. * Support product cybersecurity testing and remediation as a component of SPDF and SDLC. * Through review of Software ...

Expertise in secure software development practices, including threat modeling, secure code review, and vulnerability assessment * Strong software engineering background with ability to review code ...


Secure Code Review information

What is secure code review?

Secure code review is the process of systematically examining application source code to identify and remediate security vulnerabilities before software is released. This review can be performed manually or with automated tools, focusing on areas where coding errors could lead to security risks such as injection attacks, data leaks, or authentication flaws. The goal is to ensure that the code adheres to secure coding standards and best practices, ultimately reducing the risk of exploitation by malicious actors.

What are the key skills and qualifications needed to thrive as a Secure Code Reviewer, and why are they important?

To thrive as a Secure Code Reviewer, you need a solid understanding of secure coding practices, programming languages (such as Java, Python, or C++), and common software vulnerabilities, often supported by relevant security certifications like CISSP or CSSLP. Familiarity with automated code analysis tools, static application security testing (SAST) platforms, and bug tracking systems is typically required. Strong analytical thinking, attention to detail, and clear communication skills set outstanding reviewers apart. These abilities are crucial for identifying, explaining, and mitigating security risks in code, ensuring robust application security.

What are some common challenges faced by professionals performing secure code reviews, and how can they be addressed?

Secure code reviewers often encounter challenges such as keeping up with evolving security threats, identifying subtle vulnerabilities in complex codebases, and maintaining effective communication with development teams. To address these, reviewers should stay updated on the latest security trends, use automated tools to assist in identifying potential issues, and foster collaborative relationships with developers to ensure that findings are understood and remediated effectively. Regular training, participating in security communities, and integrating secure code review into the software development lifecycle can also help overcome these challenges.

What is the difference between Secure Code Review vs Static Application Security Testing (SAST)?

Aspect           | Secure Code Review                                                      | Static Application Security Testing (SAST)
Credentials      | Knowledge of secure coding, programming languages, security standards   | Security testing tools, programming knowledge, security certifications
Work Environment | Manual review, developer collaboration, code analysis                   | Automated scanning, integration with CI/CD pipelines
Industry Usage   | Development teams, security analysts, code audits                       | Security teams, QA, DevOps, automated security testing

Secure Code Review involves manual or semi-automated analysis of source code to identify security flaws, emphasizing developer collaboration. SAST uses automated tools to scan code for vulnerabilities during development, enabling faster detection. Both approaches aim to improve code security but differ in method: one is manual and detailed, the other automated and scalable.

What job categories do people searching Secure Code Review jobs in California look for?

The top searched job categories for Secure Code Review jobs in California are:

Infographic showing various Secure Code Review job openings in California as of May 2026, with employment types broken down into 86% Full Time, 13% Part Time, and 1% Contract. Highlights a 92% Physical, 2% Hybrid, and 6% Remote job distribution.

Contractor

Posted 21 days ago

Job description

- Conduct black box, white box vulnerability and penetration testing
- Set up threat models and protocol fuzzers
- Experience in architecture & design reviews with developers at all levels
- Develop, implement & support security tools and services
- Good at assessment of security policies, best practices and recommendations
- Experience with vulnerability tracking methods and tools
- Conduct secure code review trainings to developers
- Understanding of OWASP, SANS, CWE standards
- Experience with enforcing application security in the SDLC of web applications
- Develop Application Security practice
- Experience in Ethical hacking domain
- Hands-on experience with Java, Python, C/C++, Ruby, Perl, Node.js, Dojo and Angular.js
- Experience with tools like Checkmarx, Coverity, IBM AppScan Enterprise, Nessus, Qualys, GFI, Client Fortify, Veracode, Burp Suite, MS Threat Modeler, etc.
- Good understanding of malware

Additional Information

All your information will be kept confidential according to EEO guidelines.