ThreatLocker is looking for a Security-Focused Software Developer to improve the security of their endpoint protection technologies by performing manual and automated code reviews to identify and fix security vulnerabilities.
Requirements
- 5+ years of experience in software development with at least 2 years in secure code review or application security.
- Strong understanding of the secure software development lifecycle (SSDLC).
- Experience identifying and remediating vulnerabilities in code written in one or more languages (e.g., C/C++, C, Swift, Java, JavaScript, Python).
- Familiarity with security tools such as SonarQube, Fortify, Checkmarx, Veracode, or similar.
- Knowledge of OWASP Top 10, CWE/SANS 25, and CVSS scoring.
- Security certifications such as OSCP, CSSLP, CEH, or GWAPT.
- Familiarity with threat modeling, penetration testing, or red/blue team operations.
Responsibilities
- Perform in-depth security-focused code reviews across various codebases and languages.
- Identify common and advanced security vulnerabilities (e.g., injection, XSS, insecure deserialization, insecure APIs).
- Work closely with developers to educate and guide them in secure coding practices.
- Recommend fixes and mitigation strategies, ensuring adherence to security standards (e.g., OWASP Top 10, CWE, NIST).
- Collaborate with security engineers, architects, and DevSecOps teams to enhance code security posture.
- Utilize static and dynamic analysis tools to supplement manual reviews.
- Participate in security audits, threat modeling, and secure code training sessions.
Other
- Bachelor’s degree in Computer Science, Cybersecurity, or a related field (or equivalent experience).
- Strong analytical, communication, and documentation skills.
- Job will generally be performed in an office environment but may require travel to visit company offices and/or property locations.
- Must occasionally lift and/or move up to 25 pounds.