Ability to read and review code in Java, JavaScript/Node.js, or Python for security validation. * Experience with CI/CD pipelines, DevSecOps practices, and secure SDLC integration. * Strong ...
Ability to read and review code in Java, JavaScript/Node.js, or Python for security validation. * Experience with CI/CD pipelines, DevSecOps practices, and secure SDLC integration. * Strong ...
Director, Security - Digital Products & Applications
Manhattan, NY · On-site
$64.75 - $86.25/hr
... secure code review, API security review, threat modeling, or security architecture work. * Experience working directly with product managers, software engineers, application owners, data teams ...
Director, Security - Digital Products & Applications
Manhattan, NY · On-site
$64.75 - $86.25/hr
... secure code review, API security review, threat modeling, or security architecture work. * Experience working directly with product managers, software engineers, application owners, data teams ...
Director, Security Digital Products & Applications
Manhattan, NY · On-site
$64.75 - $86.25/hr
... secure code review, API security review, threat modeling, or security architecture work. * Experience working directly with product managers, software engineers, application owners, data teams ...
Director, Security Digital Products & Applications
Manhattan, NY · On-site
$64.75 - $86.25/hr
... secure code review, API security review, threat modeling, or security architecture work. * Experience working directly with product managers, software engineers, application owners, data teams ...
Security Engineer
Manhattan, NY · On-site
OWASP, common vulnerability classes, secure API design, auth and authorization patterns • Experience conducting threat modeling and secure code reviews • Hands-on experience with application ...
Security Engineer
Manhattan, NY · On-site
OWASP, common vulnerability classes, secure API design, auth and authorization patterns • Experience conducting threat modeling and secure code reviews • Hands-on experience with application ...
Claude Code Platform Lead
$61.50 - $80.75/hr
... secure digital wallet, and DeFi integrations. Beyond our consumer offerings, we're also the ... Strong understanding of Git workflows, code review processes, and merge request automation
Quick apply
Claude Code Platform Lead
$61.50 - $80.75/hr
... secure digital wallet, and DeFi integrations. Beyond our consumer offerings, we're also the ... Strong understanding of Git workflows, code review processes, and merge request automation
Senior Software Engineer, Security Agents
Manhattan, NY · On-site
$126K - $172K/yr
Responsibilities : • Build autonomous security agents that perform alert triage, secure code reviews, threat modeling, and vulnerability assessment • Develop agent orchestration systems that help ...
Senior Software Engineer, Security Agents
Manhattan, NY · On-site
$126K - $172K/yr
Responsibilities : • Build autonomous security agents that perform alert triage, secure code reviews, threat modeling, and vulnerability assessment • Develop agent orchestration systems that help ...
Develops secure high-quality production code, and reviews and debugs code written by others * Identifies opportunities to eliminate or automate remediation of recurring issues to improve overall ...
Develops secure high-quality production code, and reviews and debugs code written by others * Identifies opportunities to eliminate or automate remediation of recurring issues to improve overall ...
Sr. Security Engineer, AppSec - Amazon Stores Security
New York, NY · On-site
$64.25 - $86/hr
Manual and Automated Secure Code Review, primarily in Java, Python and JavaScript. * Development of security automation tools. * Adversarial security analysis using innovative tools to augment manual ...
Sr. Security Engineer, AppSec - Amazon Stores Security
New York, NY · On-site
$64.25 - $86/hr
Manual and Automated Secure Code Review, primarily in Java, Python and JavaScript. * Development of security automation tools. * Adversarial security analysis using innovative tools to augment manual ...
Develops secure high-quality production code, and reviews and debugs code written by others * Identifies opportunities to eliminate or automate remediation of recurring issues to improve overall ...
Develops secure high-quality production code, and reviews and debugs code written by others * Identifies opportunities to eliminate or automate remediation of recurring issues to improve overall ...
Security Engineer-Offensive, Penetration testing AI Agent-Full time Hire--ONSITE-Jersey City, NJ
Jersey City, NJ · On-site
Extensive hands-on experience with penetration testing, red teaming, exploit development, reverse engineering, and secure code review against OWASP Top 10 and SANS 25 , combined with defensive ...
Security Engineer-Offensive, Penetration testing AI Agent-Full time Hire--ONSITE-Jersey City, NJ
Jersey City, NJ · On-site
Extensive hands-on experience with penetration testing, red teaming, exploit development, reverse engineering, and secure code review against OWASP Top 10 and SANS 25 , combined with defensive ...
... secure coding, peer review, automated testing) and promoting reuse of effective patterns across the team. * Applies knowledge of tools within the Software Development Life Cycle toolchain, including ...
... secure coding, peer review, automated testing) and promoting reuse of effective patterns across the team. * Applies knowledge of tools within the Software Development Life Cycle toolchain, including ...
Java AWS Lead Software Engineer
Manhattan, NY · On-site
$152K - $215K/yr
... secure coding, peer review, automated testing) and promoting reuse of effective patterns across the team. * Applies knowledge of tools within the Software Development Life Cycle toolchain, including ...
Java AWS Lead Software Engineer
Manhattan, NY · On-site
$152K - $215K/yr
... secure coding, peer review, automated testing) and promoting reuse of effective patterns across the team. * Applies knowledge of tools within the Software Development Life Cycle toolchain, including ...
... secure coding, peer review, automated testing) and promoting reuse of effective patterns across the team. * Applies knowledge of tools within the Software Development Life Cycle toolchain, including ...
... secure coding, peer review, automated testing) and promoting reuse of effective patterns across the team. * Applies knowledge of tools within the Software Development Life Cycle toolchain, including ...
Lead Software Engineer-Full Stack/Multi-Cloud Security
Jersey City, NJ · On-site
$152K - $215K/yr
... secure coding, peer review, automated testing) and promoting reuse of effective patterns across the team * Applies knowledge of tools within the Software Development Life Cycle toolchain, including ...
Lead Software Engineer-Full Stack/Multi-Cloud Security
Jersey City, NJ · On-site
$152K - $215K/yr
... secure coding, peer review, automated testing) and promoting reuse of effective patterns across the team * Applies knowledge of tools within the Software Development Life Cycle toolchain, including ...
Develops secure high-quality production code, and reviews and debugs code written by others * Lead a local team of software engineers and applied AI/ML practitioners, driving accountability and ...
Develops secure high-quality production code, and reviews and debugs code written by others * Lead a local team of software engineers and applied AI/ML practitioners, driving accountability and ...
Develops secure high-quality production code, and reviews and debugs code written by others * Lead a local team of software engineers and applied AI/ML practitioners, driving accountability and ...
Develops secure high-quality production code, and reviews and debugs code written by others * Lead a local team of software engineers and applied AI/ML practitioners, driving accountability and ...
... secure coding, peer review, automated testing) and promoting reuse of effective patterns across the team * Applies knowledge of tools within the Software Development Life Cycle toolchain, including ...
... secure coding, peer review, automated testing) and promoting reuse of effective patterns across the team * Applies knowledge of tools within the Software Development Life Cycle toolchain, including ...
... secure coding, peer review, automated testing) and promoting reuse of effective patterns across the team * Applies knowledge of tools within the Software Development Life Cycle toolchain, including ...
... secure coding, peer review, automated testing) and promoting reuse of effective patterns across the team * Applies knowledge of tools within the Software Development Life Cycle toolchain, including ...
Principal Product Security Engineer
New York, NY · On-site
$190K - $220K/yr
Conduct secure code reviews and threat modeling exercises to identify and remediate potential security vulnerabilities * Define, implement, and oversee processes and policies in our Vulnerability ...
Principal Product Security Engineer
New York, NY · On-site
$190K - $220K/yr
Conduct secure code reviews and threat modeling exercises to identify and remediate potential security vulnerabilities * Define, implement, and oversee processes and policies in our Vulnerability ...
Lead Software Engineer - Blockchain (Public or Permissioned blockchain platforms)
Jersey City, NJ · On-site
... secure coding, peer review, automated testing) and promoting reuse of effective patterns across the team. • Applies knowledge of tools within the Software Development Life Cycle toolchain ...
Lead Software Engineer - Blockchain (Public or Permissioned blockchain platforms)
Jersey City, NJ · On-site
... secure coding, peer review, automated testing) and promoting reuse of effective patterns across the team. • Applies knowledge of tools within the Software Development Life Cycle toolchain ...
Secure Code Review information
What is secure code review?
Secure code review is the process of systematically examining application source code to identify and remediate security vulnerabilities before software is released. This review can be performed manually or with automated tools, focusing on areas where coding errors could lead to security risks such as injection attacks, data leaks, or authentication flaws. The goal is to ensure that the code adheres to secure coding standards and best practices, ultimately reducing the risk of exploitation by malicious actors.
What are the key skills and qualifications needed to thrive as a Secure Code Reviewer, and why are they important?
To thrive as a Secure Code Reviewer, you need a solid understanding of secure coding practices, programming languages (such as Java, Python, or C++), and common software vulnerabilities, often supported by relevant security certifications like CISSP or CSSLP. Familiarity with automated code analysis tools, static application security testing (SAST) platforms, and bug tracking systems is typically required. Strong analytical thinking, attention to detail, and clear communication skills set outstanding reviewers apart. These abilities are crucial for identifying, explaining, and mitigating security risks in code, ensuring robust application security.
What are some common challenges faced by professionals performing secure code reviews, and how can they be addressed?
Secure code reviewers often encounter challenges such as keeping up with evolving security threats, identifying subtle vulnerabilities in complex codebases, and maintaining effective communication with development teams. To address these, reviewers should stay updated on the latest security trends, use automated tools to assist in identifying potential issues, and foster collaborative relationships with developers to ensure that findings are understood and remediated effectively. Regular training, participating in security communities, and integrating secure code review into the software development lifecycle can also help overcome these challenges.
What is the difference between Secure Code Review vs Static Application Security Testing (SAST)?
| Aspect | Secure Code Review | Static Application Security Testing (SAST) |
|---|---|---|
| Credentials | Knowledge of secure coding, programming languages, security standards | Security testing tools, programming knowledge, security certifications |
| Work Environment | Manual review, developer collaboration, code analysis | Automated scanning, integration with CI/CD pipelines |
| Industry Usage | Development teams, security analysts, code audits | Security teams, QA, DevOps, automated security testing |
Secure Code Review involves manual or semi-automated analysis of source code to identify security flaws, emphasizing developer collaboration. SAST uses automated tools to scan code for vulnerabilities during development, enabling faster detection. Both roles aim to improve code security but differ in approach: one is manual and detailed, the other automated and scalable.
What are popular job titles related to Secure Code Review jobs in New York? For Secure Code Review jobs in New York, the most frequently searched job titles are:
- Union Software Engineer
- Remote Blockchain Developer
- Contract Remote Asp Net Software Developer
- Overnight Azure Net Developer
- Xcode Developer
- Internship Software Engineer Fall Co Op
- Camunda Remote
- Js Fort Group
- Home Based Algorithmic Trading Software Developer
- Remote No Experience Full Stack Software Developer
What job categories do people searching Secure Code Review jobs in New York look for? The top searched job categories for Secure Code Review jobs in New York are:
Other
Posted 5 days ago
Job description
Must Have Responsibilities
- Lead application security design across web, mobile, and AWS cloud-native systems, including secure architecture reviews and CI/CD security integration.
- Administer and optimize SAST/SCA tools (e.g., Checkmarx, Snyk), triage vulnerabilities, and guide remediation aligned to OWASP Top Ten.
- Secure cloud environments (especially AWS Lambda, API Gateway, IAM, S3) and support runtime and application-layer protections.
- Partner with release and change management to ensure secure, stable production deployments and support go-live readiness.
- Provide security input in architecture and project planning, ensuring requirements are embedded early in design and development.
- Track vulnerabilities, produce reporting, and manage remediation progress across engineering teams.
- 3+ years in application security (offense and defense) with hands-on SAST/SCA experience.
- Strong knowledge of OWASP Top Ten and web/API security vulnerabilities and remediation.
- Experience securing AWS cloud services and working with cloud security platforms (e.g., Wiz, Prisma Cloud, Orca).
- Ability to read and review code in Java, JavaScript/Node.js, or Python for security validation.
- Experience with CI/CD pipelines, DevSecOps practices, and secure SDLC integration.
- Strong communication skills with ability to influence technical and business stakeholders.
- Experience working with change/release management in production environments.
- Automate security testing and improve security tooling workflows.
- Develop and improve security runbooks, documentation, and operational procedures.
- Support penetration testing, secure code reviews, or developer training as needed.
- Participate in additional architecture discussions or advisory meetings when required.
- Familiarity with threat intelligence and how it informs application security controls.
- Experience driving developer security adoption through workshops or working sessions.
- Strong understanding of agile delivery environments and enterprise release governance.