Back to search
Accord Technologies Inc Linkedin · Posted 4mo ago

Windows Application Security Developer

Atlanta, Georgia, United States

Linkedin
Continue to application Add your email once, then Caio opens the original posting.

Indexed description

Windows Application Security Developer

Location: Atlanta, GA

Duration: 6-12 months

Skills needed ; Windows application development & security, Veracode Remediation | VB6 / C# / VB.NET | Fotran | Python | .Net framework | SQL Server| SQL| Veracode| Windows Desktop

ROLE

We are seeking an experienced Application Security Developer to lead the remediation of security vulnerabilities in legacy windows application.

The primary focus is on resolving High and Critical severity findings — specifically Command Injection and SQL Injection — across a mixed-language Windows desktop application codebase.

The ideal candidate brings deep expertise in legacy VB6 development, modern .NET (C# and/or VB.NET), secure coding practices, and hands-on experience interpreting and fixing Veracode findings.

This is a security-first development role requiring both strong technical skills and a methodical approach to vulnerability triage, remediation, and validation.

SYSTEM & APPLICATION CONTEXT

Component

Technology

Notes

Primary Language

Visual Basic 6 (VB6)

Legacy codebase; primary source of Veracode findings

Additional Languages

C#, VB.NET (.NET Framework)

Windows Forms modules; subject to SAST scans

Supporting Languages

Fortran, Python

Peripheral components; may have ancillary findings

UI Framework

Windows Forms (.NET Framework)

Input/output surfaces; injection risk areas

Database

SQL Server / SQL (ADO/ADO.NET)

Parameterized query remediation required

Platform

Windows OS (7 / 10 / 11)

Desktop deployment; MSI packaging

SAST Tool

Veracode

Source of all vulnerability findings for this role

Key Responsibilities

  • Interpret Veracode SAST reports — understand CWE classifications, flaw categories, and severity scoring.
  • Triage High and Critical findings by exploitability, business impact, and remediation complexity.
  • Map each Veracode finding to the relevant source code module — VB6, C#, VB.NET, SQL, Python, or Fortran.
  • Prioritize remediation backlog and communicate status to stakeholders and auditors.
  • Identify and fix OS command injection vulnerabilities across VB6 and .NET components.
  • Identify and fix SQL injection vulnerabilities in VB6, .NET, and any dynamic SQL construction patterns.
  • Work within the VB6 codebase — Windows API calls, ActiveX components, and VB6-specific security pitfalls.
  • Rebuild applications after applying patches — manage dependencies, resolve build errors, and validate successful compilation.
  • Perform unit-level and integration-level testing for each patched module.
  • Execute Veracode rescans to confirm vulnerability resolution and track flaw closure rate.
  • Conduct regression testing to ensure no functional degradation, performance impact, or breaking changes.
  • Maintain documentation: root cause analysis, code changes, testing approach, and residual risk per finding.

Required Skills & Experience

  • Strong hands-on experience with Visual Basic 6 (VB6) — including ADO, Windows API, ActiveX, and VB6 IDE.
  • Proficiency in C# and/or VB.NET on .NET Framework — Windows Forms development and data access.
  • Deep understanding of SQL injection (remediation: parameterized queries, stored procedures, input validation.
  • Proven experience fixing command injection: input sanitization, allowlisting, safe execution patterns.
  • Hands-on experience with Veracode SAST — interpreting findings, understanding CWE classifications, and driving flaw closure.
  • Knowledge of OWASP Top 10 and secure coding standards applicable to Windows desktop applications.
  • Experience with CVSS scoring, vulnerability triage, and remediation prioritization.
  • Ability to write and execute security-focused test cases to validate fixes.
  • Proficiency with Git or SVN for source code version control and patch management.
  • Experience with code review processes, pull requests, and collaborative development workflows.
  • Familiarity with issue tracking systems such as JIRA, Azure DevOps, or GitHub Issues.
  • Bachelor's or Master's degree in Computer Science, Software Engineering, Cybersecurity, or a related field.
  • 8 to 9+ years of professional experience in Windows desktop application development (VB6 / .NET)
  • Experience with additional languages in scope: Python , Fortran code review.
Free. 20 seconds. No password. See every match in this search.

Create a free Caio profile to unlock more results and save your role and location preferences.

Unlock free search
Want help applying to roles like this? Search Caio for free. If CV tailoring and application tracking get heavy, Full Caio Agent adds a human specialist.
View Full Agent