Job Title: Source Code Review / SAST Security Analyst
Company: ShieldByte Infosec Pvt. Ltd.
Location: Mumbai, Maharashtra
Created: 2025-12-04
Job Type: Full Time
Job Description:
Position: Source Code Review / SAST Security Analyst
Experience: 1–8 years
Location: Ghatkopar, Mumbai

Job description

Shieldbyte Infosec is a leading cybersecurity company. We specialize in penetration testing, phishing simulation, cybersecurity training, and cybersecurity compliance audits. Join us to make a global impact in the dynamic field of cybersecurity.

We are seeking a skilled Source Code Review / SAST Security Analyst to identify security vulnerabilities across applications, APIs, and platforms through detailed code analysis. The ideal candidate will have hands-on experience with secure coding practices and static application security testing (SAST), and the ability to collaborate with development teams to remediate issues and strengthen product security.

Responsibilities
- Perform manual and tool-based source code reviews to identify vulnerabilities, insecure patterns, logic flaws, and architectural weaknesses.
- Conduct Static Application Security Testing (SAST) using industry-standard tools (e.g., SonarQube, Checkmarx, Fortify, Veracode, Snyk, GitLab SAST).
- Analyze code in multiple programming languages, including but not limited to Java, Python, PHP, JavaScript/Node.js, C#, Go, Ruby, and mobile app codebases (Android/iOS).
- Work closely with developers to explain findings, provide secure coding guidance, and support remediation.
- Validate fixes and conduct retesting to ensure vulnerabilities are properly resolved.
- Prepare detailed technical reports, risk ratings, and executive summaries.
- Review CI/CD pipelines to integrate security controls and automated SAST scans.
- Evaluate and enhance secure SDLC (SSDLC) processes.
- Identify OWASP Top 10, SANS Top 25, API security issues, and business logic weaknesses in codebases.
- Participate in architecture reviews, threat modeling sessions, and code-level deep dives.
- Stay updated with the latest security research, CVEs, and secure coding standards.

Skills and Qualifications
- 1–8 years of hands-on experience in source code analysis and SAST.
- Strong understanding of secure coding principles and common vulnerability patterns.
- Familiarity with OWASP, secure coding standards, and industry best practices.
- Experience using one or more SAST tools (Checkmarx, Fortify, SonarQube, Veracode, GitLab SAST, Snyk, etc.).
- Ability to read, interpret, and analyze complex code logic.
- Strong knowledge of at least two programming languages.
- Good understanding of web applications, APIs, and microservice architecture.
- Knowledge of DevSecOps integrations and CI/CD pipelines is a plus.
- Excellent verbal and written communication skills.

Preferred Qualifications
- Experience with DAST, SCA, or penetration testing is an added advantage.
- Certifications such as CEH, OSCP, GWAPT, CASE, CSSLP, or similar will be preferred.