Source Code Review / SAST Security Analyst

ShieldByte Infosec Pvt. Ltd.

8 years

0 Lacs

mumbai maharashtra india

Posted:1 week ago| Platform:

Apply

Skills Required

code security cybersecurity testing phishing simulation training compliance audits analysis coding development logic sonarqube fortify snyk gitlab analyze programming java python php javascript node.js ruby mobile android support risk controls owasp api architecture research devsecops communication certifications

Work Mode

On-site

Job Type

Full Time

Job Description

Position:

Experience:

Location:

Shieldbyte Infosec

Source Code Review / SAST Security Analyst

Responsibilities

Perform
manual and tool-based Source Code Reviews
to identify vulnerabilities, insecure patterns, logic flaws, and architectural weaknesses.
Conduct
Static Application Security Testing (SAST)
using industry-standard tools (e.g., SonarQube, Checkmarx, Fortify, Veracode, Snyk, GitLab SAST).
Analyze code in
multiple programming languages
, including but not limited to Java, Python, PHP, JavaScript/Node.js, C#, Go, Ruby, and mobile app codebases (Android/iOS).
Work closely with developers to
explain findings
, provide secure coding guidance, and support remediation.
Validate fixes and conduct
retesting
to ensure vulnerabilities are properly resolved.
Prepare detailed
technical reports
, risk ratings, and executive summaries.
Review CI/CD pipelines to integrate security controls and automated SAST scans.
Evaluate and enhance
secure SDLC (SSDLC)
processes.
Identify OWASP Top 10, SANS Top 25, API security issues, and business logic weaknesses in codebases.
Participate in
architecture reviews
, threat modeling sessions, and code-level deep dives.
Stay updated with the latest security research, CVEs, and secure coding standards.

Skills and Qualifications

1–8 years of hands-on experience in
source code analysis and SAST
.
Strong understanding of
secure coding principles
and common vulnerability patterns.
Familiarity with
OWASP
,
Secure Coding Standards
, and industry best practices.
Experience using one or more SAST tools (Checkmarx, Fortify, SonarQube, Veracode, GitLab SAST, Snyk, etc.).
Ability to read, interpret, and analyze complex code logic.
Strong knowledge of at least two programming languages.
Good understanding of web applications, APIs, and microservice architecture.
Knowledge of DevSecOps integrations and CI/CD pipelines is a plus.
Excellent verbal and written communication skills.

Preferred Qualifications

Experience with
DAST, SCA, or penetration testing
is an added advantage.
Certifications such as
CEH, OSCP, GWAPT, CASE, CSSLP, or similar
will be preferred.

More Jobs at ShieldByte Infosec Pvt. Ltd.

Talent Acquisition Executive

maharashtra

2.0 - 6.0 yrs

Salary: Not disclosed

Sales Executive / Sales Manager (BDE/BDM)

mumbai, maharashtra, india

3.0 - 3.0 yrs

Salary: Not disclosed

Tender Executive

mumbai, maharashtra, india

5.0 - 5.0 yrs

Salary: Not disclosed

Area Sales Manager

mumbai, maharashtra, india

10.0 - 10.0 yrs

Salary: Not disclosed

Performance & Digital Marketing Executive

mumbai, maharashtra, india

4.0 - 4.0 yrs

Salary: Not disclosed

Mock Interview

Practice Video Interview with JobPe AI

Start Java Interview

Start Your Job Search Today

Browse through a variety of job opportunities tailored to your skills and preferences. Filter by location, experience, salary, and more to find your perfect fit.