Source Code Auditor

Position Summary

Softcell Global Technologies Pvt. Ltd. is seeking a Source Code Auditor with proven expertise in both manual and automated code review. The ideal candidate should be adept with modern SAST & DAST tools and collaborative platforms, understand secure software development practices, and be capable of identifying real-world vulnerabilities across multiple languages and frameworks. This role is critical in identifying security vulnerabilities, ensuring secure coding practices, and integrating security throughout the SDLC.

Key Responsibilities

Code Review (Manual + Automated)

• Conduct comprehensive manual reviews to identify security flaws, insecure patterns, and logical vulnerabilities.
• Perform automated static and dynamic code analysis using tools like SonarQube, Fortify, Veracode, Burp Suite, OWASP ZAP, DeepSeek, etc.
• Document findings with clear proof-of-concept and mitigation recommendations.

Security Compliance & Best Practices

• Assess code for input validation, output encoding, SQLi, XSS, CSRF, auth flaws, and cryptographic implementations.
• Validate third-party libraries using Snyk, Dependency-Check, or WhiteSource.
• Ensure compliance with OWASP, PCI-DSS, HIPAA, or other relevant industry standards and coding benchmarks.
• Analyze code structure and maintainability, ensure modularity, proper separation of concerns, adherence to SOLID principles, and avoidance of anti-patterns or code smells.

Documentation & Reporting

• Generate detailed audit reports with risk ratings and recommendations.
• Review project documentation such as changelogs, API docs (Swagger/OpenAPI), and code metadata.
• Enforce internal coding standards and audit policies.

Collaboration & Reviews

• Conduct peer reviews using GitHub/GitLab, Crucible, or similar platforms.
• Assist development teams in understanding and resolving security issues.
• Participate in internal security training and secure coding awareness programs.

Preferred Tools & Platforms

• SAST & Security Linters: SonarQube, Fortify SCA, Checkmarx, Veracode, etc
• DAST: OWASP ZAP, Burp Suite, Acunetix, Netsparker, AppScan, etc
• Manual Review & Collaboration: GitHub, GitLab, Bitbucket, Crucible, Review Board, Phabricator
• Dependency & License Scanning: Snyk, OWASP Dependency-Check, WhiteSource, Semgrep
• CI/CD & DevOps: Jenkins, GitHub Actions, GitLab CI, Burp Suite Enterprise

Preferred Certifications

• OSWE – Offensive Security Web Expert
• CSSLP – Certified Secure Software Lifecycle Professional (ISC²)
• ECSP – EC-Council Certified Secure Programmer
• CREST CCT App – Certified Application Security Tester
• Secure Code Warrior / Microsoft Secure Code certifications

Qualifications

• Minimum 2 years of experience in source code auditing 
• Strong understanding of secure coding across Java, .NET, Python, PHP, JavaScript, etc.
• Bachelor’s degree in Computer Science, Cybersecurity, or related field.
• Excellent communication, documentation, and collaboration skills.
• Must be available in Mumbai for full-time onsite work.

Additional Details

• Immediate Joiners Only
• Practical Skills Are a Must – Onsite face-to-face technical round (No virtual/remote interviews)

Why Join Softcell?

• Work with cutting-edge tools and enterprise projects.
• Learn from industry experts and grow within a specialized cybersecurity team.
• Contribute to critical application security reviews across domains like finance, retail, healthcare, and government.

About Company

At Softcell Technologies, we bring over 30 years of expertise in delivering end-to-end IT infrastructure solutions to enterprises across India. With deep roots in security, cloud, data center, and engineering technologies, we empower organizations to meet complex IT challenges. Softcell is also a CERT-In empaneled organization, recognized for conducting official cybersecurity assessments across industries. Join us to work on high-impact security projects, lead technical engagements, and grow within a passionate cybersecurity team.