NetSPI LLC
Principal Security Consultant (Secure Code Review)
NetSPI LLC, Saint Paul, Minnesota, United States,
NetSPI is the proactive security solution used to discover, prioritize, and remediate security vulnerabilities of the highest importance, so businesses can protect what matters most. NetSPI secures the most trusted brands on Earth through Penetration Testing as a Service (PTaaS), External Attack Surface Management (EASM), Cyber Asset Attack Surface Management (CAASM), and Breach and Attack Simulation (BAS). Leveraging a unique combination of dedicated security experts, intelligent process, and advanced technology, NetSPI brings a proactive approach to cybersecurity with more clarity, speed, and scale than ever before.
NetSPI is on an exciting growth journey as we disrupt and improve the proactive security market. We are looking for individuals with a collaborative, innovative, and customer-first mindset to join our team. Learn more about our award-winning workplace culture and get to know our A-Team at www.netspi.com/careers.
NetSPI is seeking a Principal level consultant for our secure code review practice. These individuals will primarily serve as a resource for delivering client assessment services and contribute to practice development.
Responsibilities:
Deliver secure code review assessment on programming languages such as Java, C#, C/C++, Python, TypeScript, and JavaScript
Analyze and identify security vulnerabilities in source code using both automated and manual static analysis tools and techniques
Review vulnerabilities (CVEs) in usage of third-party libraries and determine reachability and exploitability.
Develop and review checklists, custom vulnerability descriptions, business impact statements, and remediation strategies.
Develop custom rules and patterns to enhance the capabilities of existing SAST Tools.
Contribute to development and delivery of secure coding review and development best practices and remediation training
Contribute to the development and delivery of secure code review training and secure coding best practices.
Collaborate with and assist developers in writing secure software and remediating existing vulnerabilities
Mentor and assist team members in effectively delivering assessments and enhancing skillsets
Contribute to the community through the development of tools, presentations, white papers, and blogs.
Minimum Qualifications:
5+ years of experience in delivering secure code reviews using both manual and automated static analysis techniques.
Thorough understanding of the OWASP Top 10 and SANS Top 25 vulnerabilities, with a strong focus on identifying and remediating security issues in source code
Proficiency in performing taint analysis, understanding routing mechanisms of various frameworks, and identifying existing mitigating controls within source code
Ability to explain the risk and business impact of security vulnerabilities in source code to a variety of audiences
Bachelor's degree or higher, preferably with a concentration in Computer Science, Electrical or Computer Engineering, Math, or IT, or equivalent experience.
Up to 25% travel
Preferred Qualifications:
Experience in detecting, analyzing, and providing remediation guidance on security vulnerabilities in at least two of the following languages: Java, C#, C/C++, Python, JavaScript, and TypeScript
Hands-on experience conducting security focused static analysis using commercial SAST tools such as Checkmarx, Semgrep, Veracode, Appscan Source, Coverity, Fortify and SonarQube
Experience in software development in at least one server-side programming language
Web Application pen testing experience
OSCP, OSWE, or similar certifications
We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status or any other characteristic protected by law.