We are seeking 5 highly skilled and experienced Senior Source Code Auditors to join our cybersecurity team. In this role, you will be responsible for reviewing and analyzing source code to identify potential security vulnerabilities, ensure compliance with coding standards, and enhance the overall security posture of our applications. You will work closely with development teams, security professionals, and stakeholders to provide actionable insights and recommendations for improving code quality and security.
Key Responsibilities:
* Conduct thorough audits of source code to identify vulnerabilities, security weaknesses, and coding inefficiencies.
* Review and analyze code across a variety of programming languages and frameworks, including but not limited to Python, Java, C++, Objective-C, Kotlin, Swift and JavaScript.
* Develop and maintain code auditing standards, processes, and tools to ensure consistent and high-quality reviews.
* Collaborate with development teams to provide feedback and guidance on secure coding practices and remediation strategies.
* Prepare detailed audit reports that outline findings, risks, and recommendations for improving code security and quality.
* Stay up-to-date with the latest security threats, coding standards, and best practices to continuously improve audit processes.
* Mentor junior auditors and provide guidance on auditing techniques, tools, and best practices.
* Work with cross-functional teams to integrate security practices into the software development lifecycle (SDLC).
* Assist in developing and conducting security training and awareness programs for development teams.
Qualifications:
* Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent experience.
* 5+ years of experience in source code auditing, software development, or application security.
* Strong understanding of secure coding principles, software vulnerabilities, and common attack vectors (e.g., SQL injection, cross-site scripting, buffer overflow).
* Proficiency in multiple programming languages and familiarity with a variety of development frameworks and environments.
* Experience with automated code review tools (e.g., SonarQube, Coverity, Fortify, Checkmarx, Veracode) and manual code review techniques.
* Excellent analytical and problem-solving skills with a keen eye for detail.
* Strong communication skills, with the ability to explain complex technical concepts to non-technical stakeholders.
* Relevant certifications such as Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or Certified Information Systems Security Professional (CISSP) are a plus.
Preferred Skills:
* Experience in cloud security and auditing code for cloud-based applications (AWS, OCI, Azure, GCP).
* Familiarity with DevSecOps practices and tools for integrating security into CI/CD pipelines.
* Knowledge of regulatory requirements and standards related to software security (e.g., ISO27001, GDPR, PCI-DSS, HIPAA).
All qualified applicants will receive consideration for employment without regard to race, color, national origin, age, ancestry, religion, sex, sexual orientation, gender identity, gender expression, marital status, disability, medical condition, genetic information, pregnancy, or military or veteran status. We consider all qualified applicants, including those with criminal histories, in a manner consistent with state and local laws, including the California Fair Chance Act, City of Los Angeles' Fair Chance Initiative for Hiring Ordinance, and Los Angeles County Fair Chance Ordinance. For unincorporated Los Angeles county, to the extent our customers require a background check for certain positions, the Company faces a significant risk to its business operations and business reputation unless a review of criminal history is conducted for those specific job positions.