Job Description
<p><strong>COMPANY OVERVIEW</strong></p>
<p><span class="ui-provider a b c d e f g h i j k l m n o p q r s t u v w x y z ab ac ae af ag ah ai aj ak">ThreatLocker® is a leader in endpoint protection technologies, providing enterprise-level cybersecurity tools to improve the security of servers and endpoints. The ThreatLocker® platform, with its Application Allowlisting, Ringfencing™, Storage Control, Elevation Control, Endpoint Network Control, Configuration Management, and Operational Alert solutions, is leading the cybersecurity market toward a more secure approach of blocking the exploits of application vulnerabilities.</span></p>
<p><strong>POSITION OVERVIEW</strong></p>
<p><span data-teams="true">We are looking for a <strong>Security-Focused Software Developer</strong> to join our onsite team, specializing exclusively in <strong>manual and automated code review for security vulnerabilities</strong>. In this role, you will not be writing production code but will be deeply involved in reviewing application code to identify security issues, enforce secure coding practices, and ensure compliance with industry security standards.</span></p>
<p><span data-teams="true"><span style="color: rgb(26, 113, 200);"><strong>The role will be based in Orlando, FL and is an in-office position.</strong></span></span></p>
<p><strong><span data-teams="true">KEY RESPONSIBILITIES</span></strong></p>
<ul>
<li><span style="font-family: helvetica, arial, sans-serif;"><span data-teams="true">Perform <strong>in-depth security-focused code reviews</strong> across various codebases and languages.</span></span></li>
<li><span style="font-family: helvetica, arial, sans-serif;"><span data-teams="true">Identify common and advanced security vulnerabilities (e.g., injection, XSS, insecure deserialization, insecure APIs).</span></span></li>
<li><span style="font-family: helvetica, arial, sans-serif;"><span data-teams="true">Work closely with developers to <strong>educate and guide</strong> them in secure coding practices.</span></span></li>
<li><span style="font-family: helvetica, arial, sans-serif;"><span data-teams="true">Recommend fixes and mitigation strategies, ensuring adherence to security standards (e.g., OWASP Top 10, CWE, NIST).</span></span></li>
<li><span style="font-family: helvetica, arial, sans-serif;"><span data-teams="true">Collaborate with security engineers, architects, and DevSecOps teams to enhance code security posture.</span></span></li>
<li><span style="font-family: helvetica, arial, sans-serif;"><span data-teams="true">Maintain documentation of findings and track remediation status.</span></span></li>
<li><span style="font-family: helvetica, arial, sans-serif;"><span data-teams="true">Utilize static and dynamic analysis tools to supplement manual reviews.</span></span></li>
<li><span style="font-family: helvetica, arial, sans-serif;"><span data-teams="true">Participate in security audits, threat modeling, and secure code training sessions.</span></span></li>
</ul>
<p><strong>REQUIRED QUALIFICATIONS</strong></p>
<ul>
<li><span data-olk-copy-source="MessageBody"><span data-teams="true">Bachelor’s degree in Computer Science, Cybersecurity, or a related field (or equivalent experience).</span></span></li>
<li><span data-olk-copy-source="MessageBody"><span data-teams="true"><strong>5+ years of experience in software development</strong> with at least <strong>2 years in secure code review or application security</strong>.</span></span></li>
<li><span data-olk-copy-source="MessageBody"><span data-teams="true">Strong understanding of <strong>secure software development lifecycle (SSDLC)</strong>.</span></span></li>
<li><span data-olk-copy-source="MessageBody"><span data-teams="true">Experience identifying and remediating vulnerabilities in code written in one or more languages (e.g., C/C++, C#, Swift, Java, JavaScript, Python).</span></span></li>
<li><span data-olk-copy-source="MessageBody"><span data-teams="true">Familiarity with security tools such as <strong>SonarQube, Fortify, Checkmarx, Veracode</strong>, or similar.</span></span></li>
<li><span data-olk-copy-source="MessageBody"><span data-teams="true">Knowledge of <strong>OWASP Top 10, CWE/SANS 25, and CVSS scoring</strong>.</span></span></li>
<li><span data-olk-copy-source="MessageBody"><span data-teams="true">Strong analytical, communication, and documentation skills.</span></span></li>
</ul>
<p><strong>PREFERRED QUALIFICATIONS</strong></p>
<ul>
<li><span data-olk-copy-source="MessageBody"><span data-teams="true">Security certifications such as <strong>OSCP, CSSLP, CEH, or GWAPT</strong>.</span></span></li>
<li><span data-olk-copy-source="MessageBody"><span data-teams="true">Experience in regulated environments (e.g., finance, healthcare, defense).</span></span></li>
<li><span data-olk-copy-source="MessageBody"><span data-teams="true">Familiarity with <strong>threat modeling, penetration testing</strong>, or red/blue team operations.</span></span></li>
</ul>
<p><strong>WORKING CONDITIONS</strong></p>
<p><span style="font-weight: 400;">The duties described below are representative of those encountered while performing the essential functions of this position. If necessary, reasonable accommodation may be requested and will be evaluated for its relationship to the essential functions that must be performed.</span></p>
<ul>
<li style="font-weight: 400;"><span style="font-weight: 400;">Job will generally be performed in an office environment but may require travel to visit company offices and/or property locations.</span></li>
<li style="font-weight: 400;"><span style="font-weight: 400;">While performing the duties of this job, the employee is occasionally required to stand, walk, sit, reach with hands and arms, climb or balance, stoop or kneel, talk and hear, and use fingers and hands to feel objects and tools.</span></li>
<li style="font-weight: 400;"><span style="font-weight: 400;">Must occasionally lift and/or move up to 25 pounds.</span></li>
<li style="font-weight: 400;"><span style="font-weight: 400;">Specific vision abilities required include close vision, distance vision, depth perception, and the ability to adjust focus.</span></li>
</ul>
<p><span style="color: rgb(26, 113, 200);"><strong><em>A background check and drug/substance screening are required after a conditional offer. Employment will proceed only upon receiving clear results from both.</em></strong></span></p>
<p><span style="color: rgb(26, 113, 200);"><strong><em>ThreatLocker also conducts randomized drug and substance testing approximately every 60 days, in line with the same screening standards.</em></strong></span></p>