Senior Secure Code Auditor

Summary

Join SonicWall, a cybersecurity leader with over 30 years of experience, as a Security Code Analyst. You will conduct detailed code reviews in C/C++, identify vulnerabilities, and collaborate with development teams to implement secure coding practices. Responsibilities include vulnerability assessments, documentation, compliance verification, and providing security training. You will leverage various tools and techniques for code analysis, debugging, and vulnerability discovery. Success requires strong analytical and communication skills, and the ability to work both independently and collaboratively.

Requirements

• Proficiency in C and C++ programming languages, including advanced concepts such as memory management and multithreading
• Deep understanding of common security vulnerabilities and exploitation techniques in C/C++ applications
• Familiarity with modern software development tools and environments (e.g., GCC, Clang)
• Experience with code analysis tools such as Coverity, KlocWork, CodeChecker or Fortify
• Knowledge of debugging and diagnostic tools (e.g., GDB, Valgrind)
• Hands-on experience with fuzzing, penetration testing, and other vulnerability discovery methodologies
• Excellent analytical and problem-solving skills
• Strong communication skills to convey complex technical findings to diverse stakeholders
• Ability to work independently and as part of a team

Responsibilities

• Conduct detailed reviews of C/C++ codebases to identify potential security vulnerabilities, including buffer overflows, memory leaks, race conditions, and other weaknesses
• Collaborate with development teams to implement secure coding practices and provide recommendations for mitigating identified risks
• Use static and dynamic analysis tools to uncover security flaws and verify the effectiveness of implemented fixes
• Prepare comprehensive audit reports detailing identified vulnerabilities, their potential impact, and recommended remediation steps
• Ensure code adheres to applicable standards (e.g., OWASP, MISRA, CERT C/C++ guidelines)
• Provide training and guidance to development teams on secure coding techniques and practices
• Work closely with developers, QA, and security teams to establish a secure development lifecycle and address security concerns proactively

Preferred Qualifications

• Bachelor’s degree in Computer Science, Cybersecurity, or a related field
• 5+ years of experience in the field of C/C++ development
• Certifications such as Certified Secure Software Lifecycle Professional (CSSLP) or Offensive Security Certified Professional (OSCP)
• Familiarity with Agile or DevSecOps workflows
• Knowledge of other languages (e.g., Python, Shell) for scripting and automation