{bc}
linkedin

Secure Source Code Reviewer

Solvex Solutions
Abu Dhabi, UAE
Contract
Mid-Senior
2 months ago
CodeReviewerSecureSource
Free

Job Fit Check

Base Career helps you apply smarter for this job.

?%
Ready to Scan

Key skills for this role

CodeReviewerSecure
Smart Apply

Full Job Posting

Secure Source Code Reviewer (Sast Specialist)

***Domain:***

*Application Security – Manual & Tool-Assisted Code Review*

1. Role Summary

Performs manual and tool-assisted secure code reviews across languages in use (Java, Python, Go, TypeScript, C#, etc.).

Validates SAST findings, eliminates false positives, and identifies vulnerabilities that static analysis cannot detect — such as complex business-logic flaws, cryptographic misuse, and insecure design.

2. In-Scope Platforms And Tooling

  • Fortify SCA, Semgrep, CodeQL, GitLab SAST (as supporting tooling)

3. Job Description – Key Responsibilities

  • Conduct in-depth code reviews on high-risk modules (auth, crypto, data handling).
  • Triage Fortify/SAST backlog: validate findings, classify true/false positives, and advise developers on fix patterns.
  • Author and maintain secure-coding guidelines and language-specific hardening checklists.
  • Provide secure-coding training and 'office hours' for development teams.
  • Partner with the DevSecOps Pipeline Engineer to refine SAST rule sets and reduce noise.
  • Contribute to threat modelling and architecture reviews.

4. Goals

1.

Raise the signal-to-noise ratio of SAST findings so developers act on them.

2.

Catch design- and logic-level vulnerabilities that static tools miss.

3.

Continuously raise the secure-coding baseline across engineering teams.

5. Specific Objectives (SMART)

1.

Review 100% of critical-path modules on a defined rotation (at least quarterly)

2.

Review every SAST finding on the critical path prior to release sign-off.

3.

Publish quarterly secure-coding guidance updates based on observed anti-patterns.

4.

Measurably reduce false-positive rate of SAST pipeline quarter-over-quarter.

6. Timeline & Engagement Model

12-month contract.

Steady-state workload from week 1, aligned to sprint and release cadence.

7. Rationale & Framework Alignment

Manual secure code review is an explicit requirement in NIST SSDF (PW.7), ISO 27001 A.8.28 (secure coding), OWASP SAMM Implementation, and is recognized by OWASP as catching 10–15% more serious vulnerabilities than SAST alone.

SAST tools like Fortify produce large backlogs that developers ignore without expert triage; a dedicated reviewer converts noise into actionable, prioritized guidance and prevents the SAST investment from degrading into shelfware.

This role is distinct from pentesting — it works upstream, before vulnerabilities ship.

8. Required Skills & Certifications

  • Proven hands-on experience (3+ years) with the listed platforms or equivalents.
  • Relevant industry certifications (e.g. vendor certs, OSCP, CISSP, GCIH, CCSP, depending on role).
  • Strong scripting/automation skills (Python, Bash, PowerShell).
  • Working knowledge of NIST CSF 2.0, ISO 27001, MITRE ATT&CK, and UAE IA Regulation.
  • Excellent written and verbal communication — ability to brief both engineers and management.

9. Reporting Line

Reports to the Principal Cybersecurity Architect.

Day-to-day coordination with the Security Operations and Engineering teams.

Apply for this job in 1 click

Skip the repetitive application forms

Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.

Sarah M.James T.Maya R.

Trusted by over 500,000 job seekers on Base Career

Start Free Today

More from this employer

More jobs at Solvex Solutions