Secure Source Code Reviewer (SAST Specialist)
About This Role
Application Security | Abu Dhabi | 12-Month Contract | On-Site
We are currently supporting a key enterprise client in Abu Dhabi that is looking to hire an experienced Secure Source Code Reviewer (SAST Specialist) to join their Information Security function on an initial 12-month contract.
This is a highly technical Application Security role focused on manual and tool-assisted secure code review across modern enterprise applications and microservices environments.
The successful candidate will play a critical role in improving the quality and effectiveness of secure development practices by identifying vulnerabilities that traditional SAST tooling alone cannot detect.
This position sits upstream of penetration testing and is designed to strengthen secure software delivery before vulnerabilities reach production.
The Role
You will conduct in-depth manual secure code reviews across technologies including Java/Spring Boot, JavaScript/Node.js, Python, Go, TypeScript, and C#, validating SAST findings, eliminating false positives, and identifying deeper vulnerabilities related to insecure authentication flows, cryptographic misuse, insecure design patterns, and business logic weaknesses.
You will work closely with Security Engineering and DevSecOps teams to improve detection quality, reduce alert fatigue, and help development teams remediate vulnerabilities effectively.
Key Responsibilities
- Perform detailed manual secure code reviews across critical application components and APIs
- Review authentication and authorization mechanisms, cryptographic implementations, and sensitive data handling logic
- Validate and triage findings generated by SAST tools including Fortify SCA, Semgrep, CodeQL, and GitLab SAST
- Differentiate true positives from false positives and provide developers with clear remediation guidance
- Develop and maintain secure coding standards and framework-specific hardening guidance
- Support engineering teams through secure coding workshops and developer remediation sessions
- Collaborate with DevSecOps teams to improve SAST rule tuning, detection accuracy, and pipeline effectiveness
- Participate in application security architecture reviews and threat modelling exercises
- Contribute to improving the organisation’s secure development lifecycle maturity in alignment with NIST SSDF, ISO 27001, and OWASP SAMM
What We’re Looking For
- Minimum 3+ years of hands-on secure code review experience
- Strong knowledge of OWASP Top 10 and secure software development principles
- Deep technical expertise across:
  - JavaScript / Node.js
  - Python
  - Go
  - C#
  - REST APIs and microservices architectures
  - Keycloak
- Strong understanding of:
  - Authentication and authorization flows
  - Cryptography implementation and misuse
  - API security vulnerabilities
  - Secure design principles
- Experience using SAST platforms such as:
  - Fortify SCA
  - Semgrep
  - CodeQL
  - GitLab SAST
- Strong scripting and automation capability using Python, Bash, or PowerShell
- Familiarity with NIST CSF 2.0, ISO 27001, MITRE ATT&CK, and UAE IA Regulation
- Relevant security certifications such as OSCP, CISSP, GCIH, or CCSP are advantageous
- Excellent communication skills with the ability to work directly with both engineers and senior stakeholders
Key Objectives
- Improve the signal-to-noise ratio of SAST findings
- Reduce false positives across the secure development pipeline
- Ensure all critical-path modules undergo secure code review on a defined rotation
- Raise the overall secure coding maturity across engineering teams
- Identify design- and logic-level vulnerabilities missed by automated tooling
Please apply to be contacted with further information.