
Secure Source Code Reviewer; SAST Specialist

Job in Abu Dhabi, UAE/Dubai
Listing for: Salt Digital Recruitment
Contract position
Listed on 2026-06-03
Job specializations:
  • IT/Tech
    Cybersecurity, Systems Engineer
Salary/Wage Range or Industry Benchmark: 120000 - 200000 AED Yearly
Job Description & How to Apply Below
Position: Secure Source Code Reviewer (SAST Specialist)

We are currently supporting a key enterprise client in Abu Dhabi that is looking to hire an experienced Secure Source Code Reviewer (SAST Specialist) to join their Information Security function on an initial 12-month contract.

The Role

This is a highly technical Application Security role focused on manual and tool-assisted secure code review across modern enterprise applications and microservices environments. The successful candidate will play a critical role in improving the quality and effectiveness of secure development practices by identifying vulnerabilities that traditional SAST tooling alone cannot detect. This position sits upstream of penetration testing and is designed to strengthen secure software delivery before vulnerabilities reach production.

Key responsibilities include conducting in-depth manual secure code reviews across technologies including Java/Spring Boot, JavaScript/Node.js, Python, Go, TypeScript, and C#, validating SAST findings, eliminating false positives, and identifying deeper vulnerabilities related to insecure authentication flows, cryptographic misuse, insecure design patterns, and business logic weaknesses. You will work closely with Security Engineering and DevSecOps teams to improve detection quality, reduce alert fatigue, and help development teams remediate vulnerabilities effectively.

Key Responsibilities
  • Perform detailed manual secure code reviews across critical application components and APIs
  • Review authentication and authorization mechanisms, cryptographic implementations, and sensitive data handling logic
  • Validate and triage findings generated by SAST tools including Fortify SCA, Semgrep, CodeQL, and GitLab SAST
  • Differentiate true positives from false positives and provide developers with clear remediation guidance
  • Develop and maintain secure coding standards and framework‑specific hardening guidance
  • Support engineering teams through secure coding workshops and developer remediation sessions
  • Collaborate with DevSecOps teams to improve SAST rule tuning, detection accuracy, and pipeline effectiveness
  • Participate in application security architecture reviews and threat‑modeling exercises
  • Contribute to improving the organisation’s secure development lifecycle maturity in alignment with NIST SSDF, ISO 27001, and OWASP SAMM
What We’re Looking For
  • Minimum 3+ years of hands‑on secure code review experience
  • Strong knowledge of OWASP Top 10 and secure software development principles
  • Deep technical expertise in Java/Spring Boot, JavaScript/Node.js, Python, Go, and C#
  • Experience with REST APIs and microservices architectures
  • Experience with Keycloak
  • Strong understanding of authentication and authorization flows, cryptography implementation and misuse, API security vulnerabilities, and secure design principles
  • Experience using SAST platforms such as Fortify SCA, Semgrep, CodeQL, and GitLab SAST
  • Strong scripting and automation capability using Python, Bash, or PowerShell
  • Familiarity with NIST CSF 2.0, ISO 27001, MITRE ATT&CK, and UAE IA Regulation
  • Relevant security certifications such as OSCP, CISSP, GCIH, or CCSP are advantageous
  • Excellent communication skills with the ability to work directly with both engineers and senior stakeholders
Key Objectives
  • Improve the signal‑to‑noise ratio of SAST findings
  • Reduce false positives across the secure development pipeline
  • Ensure all critical‑path modules undergo secure code review on a defined rotation
  • Raise the overall secure coding maturity across engineering teams
  • Identify design‑ and logic‑level vulnerabilities missed by automated tooling

Please apply to be contacted with further information. Salt is acting as an Employment Business in relation to this vacancy.
