Senior Security Consultant
Indexed description
NetSPI is on an exciting growth journey as we disrupt and improve the proactive security market. We are looking for individuals with a collaborative, innovative, and customer-first mindset to join our team. Learn more about our award-winning workplace culture and get to know our A-Team at www.netspi.com/careers.
Join the mission as a Security Consultant (Secure Code Review). These individuals will primarily serve as a resource for delivery of client assessment services and contribute to practice development. Individuals who are passionate about findings vulnerabilities in source code and identifying secure coding best practices should consider applying.
Core Competencies
- This position requires an understanding of technology, enterprise security and risk management.
- Incumbent should have experience with application security assessment and testing, as well as demonstrate competencies in problem solving, client service, written and verbal communications, and project execution. Incumbent should adhere to high standards of ethics, integrity and display professionalism.
- Finally, incumbent should possess strong consulting skills.
- Proven ability to identify security vulnerabilities in source code across various programming languages and frameworks including Java, .Net, JavaScript, Python, and more.
- Experience using, configuring, and triaging findings from Static Application Security Testing (SAST) tools such as Veracode, Checkmarx or Semgrep.
- Proven track record in delivering several assessments involving static analysis and manual code review. The consultant should excel in taint tracking across data and control flow paths from source to sink and be skilled at identifying mitigation controls that may affect a finding's exploitability.
- Experience identifying and reviewing third-party vulnerabilities in source code using software composition analysis tools. The consultant should be adept at researching CVEs to assess exploitability factors and perform reachability analysis to determine whether a vulnerable library poses an actual risk.
- Strong understanding of build tools (Maven, Gradle) and package managers (npm, pip), with the ability to navigate project structures and dependency configurations during review.
- Proven ability to work effectively with developers and application stakeholders, providing clear remediation guidance and contextual explanations for identified vulnerabilities.
- Ability to train and mentor developers on understanding, describing, and remediating vulnerabilities identified during engagements.
- Minimum of two years of hands-on secure code review experience across multiple languages and frameworks, with proficiency in analyzing source code against established secure coding guidelines.
- Knowledge of exploiting web applications and understanding of the OWASP Top 10 issues, including ability to identify and remediate vulnerabilities in source code.
- Bachelor’s degree in computer science/engineering or equivalent.
- Experience in detecting, analyzing, and providing recommendation guidance on security vulnerabilities in at least one of the following languages: Java, C#, PHP, Python, Perl, C/C++, SQL, JavaScript.
- Hands-on experience conducting security focused static analysis using commercial SAST tools such as Veracode, Checkmarx, Semgrep, AppScan Source, Coverity, Fortify, or SonarQube.
- Professional programming experience in at least one server-side programming language.
- Ability to explain risk and business impact of security vulnerabilities in source code to variety of audience.
- Master’s degree in computer science/ engineering or equivalent.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search