NetSPI

Principal Security Consultant (Secure Code Review)

NetSPI, Minneapolis, Minnesota, United States, 55400


*US Remote Role*

NetSPI is the proactive security solution used to discover, prioritize, and remediate security vulnerabilities of the highest importance, so businesses can protect what matters most. NetSPI secures the most trusted brands on Earth through Penetration Testing as a Service (PTaaS), External Attack Surface Management (EASM), Cyber Asset Attack Surface Management (CAASM), and Breach and Attack Simulation (BAS). Leveraging a unique combination of dedicated security experts, intelligent process, and advanced technology, NetSPI brings a proactive approach to cybersecurity with more clarity, speed, and scale than ever before.

NetSPI is on an exciting growth journey as we disrupt and improve the proactive security market. We are looking for individuals with a collaborative, innovative, and customer-first mindset to join our team. Learn more about our award-winning workplace culture and get to know our A-Team at www.netspi.com/careers.

NetSPI is seeking a Principal-level consultant for our secure code review practice. This individual will primarily deliver client assessment services and contribute to practice development.

Responsibilities:

- Deliver secure code review assessments on programming languages such as Java, C#, C/C++, Python, TypeScript, and JavaScript
- Analyze and identify security vulnerabilities in source code using both automated and manual static analysis tools and techniques
- Review known vulnerabilities (CVEs) in third-party libraries the code depends on, and determine whether the vulnerable code is reachable and exploitable in context
- Develop and review checklists, custom vulnerability descriptions, business impact statements, and remediation strategies
- Develop custom rules and patterns to extend the coverage of existing SAST tools
- Contribute to the development and delivery of secure code review training, secure coding best practices, and remediation training
- Collaborate with and assist developers in writing secure software and remediating existing vulnerabilities
- Mentor and assist team members in effectively delivering assessments and enhancing their skill sets
- Contribute to the community through the development of tools, presentations, white papers, and blogs

Minimum Qualifications:

- 5+ years of experience delivering secure code reviews using both manual and automated static analysis techniques
- Thorough understanding of the OWASP Top 10 and SANS Top 25 vulnerabilities, with a strong focus on identifying and remediating security issues in source code
- Proficiency in performing taint analysis (tracing untrusted input from source to sink), understanding the routing mechanisms of various frameworks, and identifying existing mitigating controls within source code
- Ability to explain the risk and business impact of security vulnerabilities in source code to a variety of audiences
- Bachelor's degree or higher, preferably with a concentration in Computer Science, Electrical or Computer Engineering, Math, or IT, or equivalent experience
- Up to 25% travel

Preferred Qualifications:

- Experience detecting, analyzing, and providing remediation guidance on security vulnerabilities in at least two of the following languages: Java, C#, C/C++, Python, JavaScript, and TypeScript
- Hands-on experience conducting security-focused static analysis using commercial SAST tools such as Checkmarx, Semgrep, Veracode, AppScan Source, Coverity, Fortify, and SonarQube
- Experience in software development in at least one server-side programming language
- Web application penetration testing experience
- OSCP, OSWE, or similar certifications

We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status or any other characteristic protected by law.