Secure Code Auditor- C/C++ and Vunerablities experience is a must

About the position

SonicWall is a cybersecurity forerunner with more than 30 years of expertise and is recognized as a leading partner-first company, ensuring our partners and their customers are never alone in the fight against cybercrime. With the ability to build, scale and manage security across the cloud, hybrid and traditional environments in real-time, SonicWall provides relentless security against the most evasive cyberattacks across endless exposure points for increasingly remote, mobile and cloud-enabled users. With its own threat research center, SonicWall can quickly and economically provide purpose-built security solutions to enable any organization-enterprise, government agencies and SMBs-around the world.

Responsibilities

• Conduct detailed reviews of C/C++ codebases to identify potential security vulnerabilities, including buffer overflows, memory leaks, race conditions, and other weaknesses.
• Collaborate with development teams to implement secure coding practices and provide recommendations for mitigating identified risks.
• Use static and dynamic analysis tools to uncover security flaws and verify the effectiveness of implemented fixes.
• Prepare comprehensive audit reports detailing identified vulnerabilities, their potential impact, and recommended remediation steps.
• Ensure code adheres to applicable standards (e.g., OWASP, MISRA, CERT C/C++ guidelines).
• Provide training and guidance to development teams on secure coding techniques and practices.
• Work closely with developers, QA, and security teams to establish a secure development lifecycle and address security concerns proactively.

Requirements

• Proficiency in C and C++ programming languages, including advanced concepts such as memory management and multithreading.
• Deep understanding of common security vulnerabilities and exploitation techniques in C/C++ applications.
• Familiarity with modern software development tools and environments (e.g., GCC, Clang).
• Experience with code analysis tools such as Coverity, KlocWork, CodeChecker or Fortify.
• Knowledge of debugging and diagnostic tools (e.g., GDB, Valgrind).
• Hands-on experience with fuzzing, penetration testing, and other vulnerability discovery methodologies.
• Excellent analytical and problem-solving skills.
• Strong communication skills to convey complex technical findings to diverse stakeholders.
• Ability to work independently and as part of a team.

Nice-to-haves

• Bachelor's degree in Computer Science, Cybersecurity, or a related field.
• 3+ years of experience in the field of C/C++ development.
• Certifications such as Certified Secure Software Lifecycle Professional (CSSLP) or Offensive Security Certified Professional (OSCP).
• Familiarity with Agile or DevSecOps workflows.
• Knowledge of other languages (e.g., Python, Shell) for scripting and automation.