About the role
COMPANY OVERVIEW ThreatLocker® is a leader in endpoint protection technologies, providing enterprise-level cybersecurity tools to improve the security of servers and endpoints. The ThreatLocker® platform with Application Allowlisting, Ringfencing™, Storage Control, Elevation Control, Endpoint Network Control, Configuration Management, and Operational Alert solutions are leading the cybersecurity market toward a more secure approach of blocking the exploits of application vulnerabilities. POSITION OVERVIEW We are looking for a Security-Focused Software Developer to join our onsite team, specializing exclusively in manual and automated code review for security vulnerabilities . In this role, you will not be writing production code but will be deeply involved in reviewing application code to identify security issues, enforce secure coding practices, and ensure compliance with industry security standards.
The role will be based in Orlando, FL and is an in-office position. KEY
RESPONSIBILITIES P erform in-depth security-focused code reviews across various codebases and languages I dentify common and advanced security vulnerabilities (e.g., injection, XSS, insecure deserialization, insecure APIs). W ork closely with developers to educate and guide them in secure coding practices. R ecommend fixes and mitigation strategies, ensuring adherence to security standards (e.g., OWASP Top 10, CWE, NIST). C ollaborate with security engineers, architects, and DevSecOps teams to enhance code security posture. Ma intain documentation of findings and track remediation status. U tilize static and dynamic analysis tools to supplement manual reviews. P articipate in security audits, threat modeling, and secure code training sessions. REQUIRED
QUALIFICATIONS Bachelor’s degree in Computer Science, Cybersecurity, or a related field (or equivalent experience). 5+ years of experience in software development with at least 2 years in secure code review or application security . Strong understanding of secure software development lifecycle (SSDLC) . Experience identifying and remediating vulnerabilities in code written in one or more languages (e.g., C/C++, C#, Swift, Java, JavaScript, Python). Familiarity with security tools such as SonarQube, Fortify, Checkmarx, Veracode , or similar. Knowledge of OWASP Top 10, CWE/SANS 25, and CVSS scoring . Strong analytical, communication, and documentation skills. PREFERRED
