Senior Security Consultant (Secure Code Review)

0 years

0 Lacs

Posted: 4 weeks ago | Platform: LinkedIn

Work Mode

On-site

Job Type

Full Time

Job Description

NetSPI is the proactive security solution used to discover, prioritize, and remediate security vulnerabilities of the highest importance, so businesses can protect what matters most. NetSPI secures the most trusted brands on Earth through Penetration Testing as a Service (PTaaS), External Attack Surface Management (EASM), Cyber Asset Attack Surface Management (CAASM), and Breach and Attack Simulation (BAS). Leveraging a unique combination of dedicated security experts, intelligent process, and advanced technology, NetSPI brings a proactive approach to cybersecurity with more clarity, speed, and scale than ever before.

NetSPI is on an exciting growth journey as we disrupt and improve the proactive security market. We are looking for individuals with a collaborative, innovative, and customer-first mindset to join our team. Learn more about our award-winning workplace culture and get to know our A-Team at www.netspi.com/careers.

We are seeking an experienced professional with demonstrated technical depth and breadth for our secure code review practice as well as the soft skills to effectively communicate with executive and technical teams. In this role, you will primarily serve as a resource for delivering client assessment services and contribute to practice development. Applicants are expected to leverage strong problem-solving skills, as well as lead, collaborate, and innovate to deliver high-quality exercises and exceptional experiences for our customers.

Responsibilities

- Deliver secure code review assessment on programming languages such as Java, C#, C/C++, Python, TypeScript, and JavaScript
- Analyze and identify security vulnerabilities in source code using both automated and manual static analysis tools and techniques
- Review vulnerabilities (CVEs) in usage of third-party libraries and determine reachability and exploitability.
- Develop and review checklists, custom vulnerability description, business impact and remediation strategies.
- Develop custom rules and patterns to enhance the capabilities of existing SAST Tools.
- Contribute to development and delivery of secure coding review and development best practices and remediation training
- Contribute to the development and delivery of secure code review training and secure coding best practices.
- Collaborate with and assist developers in writing secure software and remediating existing vulnerabilities
- Mentor and assist team members in effectively delivering assessments and enhancing skillsets
- Contribute to the community through the development of tools, presentations, white papers, and blogs.

Minimum Qualifications

- 5+ years of hands-on experience spanning secure code review, static application security testing (SAST), and/or source code-assisted penetration testing.
- Thorough understanding of the OWASP Top 10 and SANS Top 25 vulnerabilities, with a strong focus on identifying and remediating security issues in source code
- Proven understanding of enterprise application architecture, including scalable, high-availability environments for web/mobile applications.
- Expertise in conducting taint analysis to trace and remediate data flow vulnerabilities, with a deep understanding of request routing in diverse frameworks.
- Proven ability to audit codebases to identify and validate existing security controls (e.g., input validation, encoding)
- Familiarity with SAST tools such as Checkmarx, Fortify, Semgrep, Veracode, Appscan Source, Coverity or similar SAST platforms.
- Bachelor’s degree or higher with a concentration in computer science, engineering, math, IT, or equivalent experience.

Preferred Qualifications

- Experience in web development using Java, .NET, or similar enterprise languages.
- Experience with modern front-end frameworks (Angular, React) and languages (TypeScript, JavaScript).
- OSCP, OSWE, or similar certifications
- Web Application pen-testing experience

We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status or any other characteristic protected by law.
