Software Developer – Security Code Review

ThreatLocker® is a leader in endpoint protection technologies, providing enterprise-level cybersecurity tools to improve the security of servers and endpoints. The ThreatLocker® platform with Application Allowlisting, Ringfencing™, Storage Control, Elevation Control, Endpoint Network Control, Configuration Management, and Operational Alert solutions are leading the cybersecurity market toward a more secure approach of blocking the exploits of application vulnerabilities.

We are looking for a Security-Focused Software Developer to join our onsite team, specializing exclusively in manual and automated code review for security vulnerabilities. In this role, you will not be writing production code but will be deeply involved in reviewing application code to identify security issues, enforce secure coding practices, and ensure compliance with industry security standards. The role will be based in Orlando, FL and is an in-office position.

• →Perform in-depth security-focused code reviews across various codebases and languages
• →Identify common and advanced security vulnerabilities (e.g., injection, XSS, insecure deserialization, insecure APIs).
• →Work closely with developers to educate and guide them in secure coding practices.
• →Recommend fixes and mitigation strategies, ensuring adherence to security standards (e.g., OWASP Top 10, CWE, NIST).
• →Collaborate with security engineers, architects, and DevSecOps teams to enhance code security posture.
• →Maintain documentation of findings and track remediation status.
• →Utilize static and dynamic analysis tools to supplement manual reviews.
• →Participate in security audits, threat modeling, and secure code training sessions.

• Bachelor’s degree in Computer Science, Cybersecurity, or a related field (or equivalent experience).
• 5+ years of experience in software development with at least 2 years in secure code review or application security.
• Strong understanding of secure software development lifecycle (SSDLC).
• Experience identifying and remediating vulnerabilities in code written in one or more languages (e.g., C/C++, C#, Swift, Java, JavaScript, Python).
• Familiarity with security tools such as SonarQube, Fortify, Checkmarx, Veracode, or similar.
• Knowledge of OWASP Top 10, CWE/SANS 25, and CVSS scoring.
• Strong analytical, communication, and documentation skills.

• Security certifications such as OSCP, CSSLP, CEH, or GWAPT.
• Experience in regulated environments (e.g., finance, healthcare, defense).
• Familiarity with threat modeling, penetration testing, or red/blue team operations.

The duties described below are representative of those encountered while performing the essential functions of this position. If necessary, reasonable accommodation may be requested and will be evaluated for its relationship to the essential functions that must be performed.

• Job will generally be performed in an office environment but may require travel to visit company offices and/or property locations.
• While performing duties of this job, would occasionally require to stand, walk, sit, reach with hands and arms, climb or balance, stoop or kneel, talk and hear, and use fingers and hands to feel objects and tools.
• Must occasionally lift and/or move up to 25 pounds.
• Specific vision abilities required include close vision, distance vision, depth perceptions, and the ability to adjust focus.

A background check and drug/substance screening are required after a conditional offer. Employment will proceed only upon receiving clear results from both.

ThreatLocker also conducts randomized drug and substance testing approximately every 60 days, in line with the same screening standards.