Windows Application Security Developer
Indexed description
Location: Atlanta, GA
Duration: 6-12 months
Skills needed ; Windows application development & security, Veracode Remediation | VB6 / C# / VB.NET | Fotran | Python | .Net framework | SQL Server| SQL| Veracode| Windows DesktopROLEWe are seeking an experienced Application Security Developer to lead the remediation of security vulnerabilities in legacy windows application.The primary focus is on resolving High and Critical severity findings — specifically Command Injection and SQL Injection — across a mixed-language Windows desktop application codebase.
The ideal candidate brings deep expertise in legacy VB6 development, modern .NET (C# and/or VB.NET), secure coding practices, and hands-on experience interpreting and fixing Veracode findings.
This is a security-first development role requiring both strong technical skills and a methodical approach to vulnerability triage, remediation, and validation.
SYSTEM & APPLICATION CONTEXT
Component
Technology
Notes
Primary Language
Visual Basic 6 (VB6)
Legacy codebase; primary source of Veracode findings
Additional Languages
C#, VB.NET (.NET Framework)
Windows Forms modules; subject to SAST scans
Supporting Languages
Fortran, Python
Peripheral components; may have ancillary findings
UI Framework
Windows Forms (.NET Framework)
Input/output surfaces; injection risk areas
Database
SQL Server / SQL (ADO/ADO.NET)
Parameterized query remediation required
Platform
Windows OS (7 / 10 / 11)
Desktop deployment; MSI packaging
SAST Tool
Veracode
Source of all vulnerability findings for this role
Key Responsibilities
- Interpret Veracode SAST reports — understand CWE classifications, flaw categories, and severity scoring.
- Triage High and Critical findings by exploitability, business impact, and remediation complexity.
- Map each Veracode finding to the relevant source code module — VB6, C#, VB.NET, SQL, Python, or Fortran.
- Prioritize remediation backlog and communicate status to stakeholders and auditors.
- Identify and fix OS command injection vulnerabilities across VB6 and .NET components.
- Identify and fix SQL injection vulnerabilities in VB6, .NET, and any dynamic SQL construction patterns.
- Work within the VB6 codebase — Windows API calls, ActiveX components, and VB6-specific security pitfalls.
- Rebuild applications after applying patches — manage dependencies, resolve build errors, and validate successful compilation.
- Perform unit-level and integration-level testing for each patched module.
- Execute Veracode rescans to confirm vulnerability resolution and track flaw closure rate.
- Conduct regression testing to ensure no functional degradation, performance impact, or breaking changes.
- Maintain documentation: root cause analysis, code changes, testing approach, and residual risk per finding.
- Strong hands-on experience with Visual Basic 6 (VB6) — including ADO, Windows API, ActiveX, and VB6 IDE.
- Proficiency in C# and/or VB.NET on .NET Framework — Windows Forms development and data access.
- Deep understanding of SQL injection (remediation: parameterized queries, stored procedures, input validation.
- Proven experience fixing command injection: input sanitization, allowlisting, safe execution patterns.
- Hands-on experience with Veracode SAST — interpreting findings, understanding CWE classifications, and driving flaw closure.
- Knowledge of OWASP Top 10 and secure coding standards applicable to Windows desktop applications.
- Experience with CVSS scoring, vulnerability triage, and remediation prioritization.
- Ability to write and execute security-focused test cases to validate fixes.
- Proficiency with Git or SVN for source code version control and patch management.
- Experience with code review processes, pull requests, and collaborative development workflows.
- Familiarity with issue tracking systems such as JIRA, Azure DevOps, or GitHub Issues.
- Bachelor's or Master's degree in Computer Science, Software Engineering, Cybersecurity, or a related field.
- 8 to 9+ years of professional experience in Windows desktop application development (VB6 / .NET)
- Experience with additional languages in scope: Python , Fortran code review.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search