Role & Responsibilities
We are looking for a Static Code Analysis / SAST Specialist with deep expertise in secure coding and static application security testing (SAST).
The ideal candidate will have hands-on experience using industry-leading tools and be capable of performing in-depth secure code reviews across multiple programming languages.
Key Responsibilities:
- Perform static code analysis using tools such as SonarQube, Veracode, Checkmarx, or similar platforms.
- Conduct secure code reviews across various programming languages including Java, Python, .NET/C#, and C/C++.
- Identify, triage, and remediate security vulnerabilities found in source code, differentiating between true positives and false positives.
- Collaborate with developers and engineering teams to recommend and implement secure coding practices.
- Ensure adherence to established security frameworks and best practices such as OWASP Top 10, SANS Top 25, and CWE.
- Support development teams in understanding and resolving SAST findings to improve the overall security posture.
- Contribute to secure software development lifecycle (SDLC) initiatives and DevSecOps integrations.
Required Skills & Expertise:
- 6+ years of experience in static application security testing and secure coding practices.
- Strong expertise with SAST tools like SonarQube, Veracode, Checkmarx, or equivalent.
- In-depth understanding of secure software development and ability to review and analyze source code.
- Familiarity with cloud and non-cloud environments and how secure coding applies in both contexts.
- Ability to communicate technical findings and remediation strategies clearly to both technical and non-technical stakeholders.
Skills Required
Static code analysis, SonarQube, Veracode, Checkmarx, Java, Python