Source Code Analyst with Penetration Testing

Job Summary:

We are seeking a skilled and detail-oriented Source Code Analyst with strong penetration testing expertise to join our cybersecurity team. The ideal candidate will be responsible for identifying vulnerabilities in application source code, performing static and dynamic code analysis, and conducting ethical hacking to help secure our applications and infrastructure.

Key Responsibilities:

• Perform source code reviews to identify security flaws in applications (web, mobile, APIs)
• Conduct static application security testing (SAST) and interpret results to guide remediation
• Perform manual and automated penetration testing on web apps, APIs, and internal systems
• Analyze findings from tools such as Burp Suite, Fortify, Veracode, SonarQube, and Checkmarx
• Collaborate with development teams to explain vulnerabilities and recommend secure coding practices
• Create detailed technical reports with reproducible proof-of-concept (PoC) exploits
• Conduct threat modeling and participate in secure SDLC reviews
• Stay updated with the latest vulnerabilities, attack vectors, and security research

Required Skills and Experience:

• 3 6 years of experience in source code analysis and/or penetration testing
• Strong programming knowledge in Java, Python, JavaScript, C#, or similar languages
• Experience with both SAST and DAST tools
• Strong understanding of OWASP Top 10, CWE, and NIST security guidelines
• Hands-on experience with Burp Suite Pro, Nmap, Metasploit, and Kali Linux
• Ability to manually find and exploit vulnerabilities (e.g., XSS, SQLi, RCE)
• Experience writing technical documentation and reports for both technical and non-technical stakeholders

Preferred Qualifications:

• Certifications such as OSCP, OSWE, CEH, GWAPT, or GPEN
• Experience with cloud platforms (AWS, Azure) and securing cloud-native applications
• Knowledge of DevSecOps and integrating security in CI/CD pipelines
• Familiarity with container security (Docker, Kubernetes)