
Secure Source Code Reviewer

Solvex Solutions · Abu Dhabi, UAE · 1 week ago · Mid-Senior · Contract

Skills

Code · Reviewer · Secure

About This Role

Secure Source Code Reviewer (SAST Specialist)

**Domain:** *Application Security – Manual & Tool-Assisted Code Review*

1. Role Summary

Performs manual and tool-assisted secure code reviews across languages in use (Java, Python, Go, TypeScript, C#, etc.).

Validates SAST findings, eliminates false positives, and identifies vulnerabilities that static analysis cannot detect — such as complex business-logic flaws, cryptographic misuse, and insecure design.

2. In-Scope Platforms / Tooling

  • Fortify SCA, Semgrep, CodeQL, GitLab SAST (as supporting tooling)

3. Job Description

Key Responsibilities:

  • Conduct in-depth code reviews on high-risk modules (auth, crypto, data handling).
  • Triage Fortify/SAST backlog: validate findings, classify true/false positives, and advise developers on fix patterns.
  • Author and maintain secure-coding guidelines and language-specific hardening checklists.
  • Provide secure-coding training and 'office hours' for development teams.
  • Partner with the DevSecOps Pipeline Engineer to refine SAST rule sets and reduce noise.
  • Contribute to threat modelling and architecture reviews.

4. Goals

1. Raise the signal-to-noise ratio of SAST findings so developers act on them.

2. Catch design- and logic-level vulnerabilities that static tools miss.

3. Continuously raise the secure-coding baseline across engineering teams.

5. Specific Objectives (SMART)

1. Review 100% of critical-path modules on a defined rotation (at least quarterly).

2. Review every SAST finding on the critical path prior to release sign-off.

3. Publish quarterly secure-coding guidance updates based on observed anti-patterns.

4. Measurably reduce the false-positive rate of the SAST pipeline quarter-over-quarter.

6. Timeline & Engagement Model

12-month contract.

Steady-state workload from week 1, aligned to sprint and release cadence.

7. Rationale & Framework Alignment

Manual secure code review is an explicit requirement in NIST SSDF (PW.7), ISO 27001 A.8.28 (secure coding), OWASP SAMM Implementation, and is recognized by OWASP as catching 10–15% more serious vulnerabilities than SAST alone.

SAST tools like Fortify produce large backlogs that developers ignore without expert triage; a dedicated reviewer converts noise into actionable, prioritized guidance and prevents the SAST investment from degrading into shelfware.

This role is distinct from pentesting — it works upstream, before vulnerabilities ship.

8. Required Skills & Certifications

  • Proven hands-on experience (3+ years) with the listed platforms or equivalents.
  • Relevant industry certifications (e.g. vendor certs, OSCP, CISSP, GCIH, CCSP, depending on role).
  • Strong scripting/automation skills (Python, Bash, PowerShell).
  • Working knowledge of NIST CSF 2.0, ISO 27001, MITRE ATT&CK, and UAE IA Regulation.
  • Excellent written and verbal communication — ability to brief both engineers and management.

9. Reporting Line

Reports to the Principal Cybersecurity Architect.

Day-to-day coordination with the Security Operations and Engineering teams.
