Windows Application Security Developer
Accord Technologies Inc · Atlanta, GA · 4 mo ago
On-siteInformation TechnologyFull-time
Key Responsibilities
- Interpret Veracode SAST reports — understand CWE classifications, flaw categories, and severity scoring.
- Triage High and Critical findings by exploitability, business impact, and remediation complexity.
- Map each Veracode finding to the relevant source code module — VB6, C#, VB.NET, SQL, Python, or Fortran.
- Prioritize remediation backlog and communicate status to stakeholders and auditors.
- Identify and fix OS command injection vulnerabilities across VB6 and .NET components.
- Identify and fix SQL injection vulnerabilities in VB6, .NET, and any dynamic SQL construction patterns.
- Work within the VB6 codebase — Windows API calls, ActiveX components, and VB6-specific security pitfalls.
- Rebuild applications after applying patches — manage dependencies, resolve build errors, and validate successful compilation.
- Perform unit-level and integration-level testing for each patched module.
- Execute Veracode rescans to confirm vulnerability resolution and track flaw closure rate.
- Conduct regression testing to ensure no functional degradation, performance impact, or breaking changes.
Required Skills & Experience
- Strong hands-on experience with Visual Basic 6 (VB6) — including ADO, Windows API, ActiveX, and VB6 IDE.
- Proficiency in C# and/or VB.NET on .NET Framework — Windows Forms development and data access.
- Deep understanding of SQL injection (remediation: parameterized queries, stored procedures, input validation).
- Proven experience fixing command injection: input sanitization, allowlisting, safe execution patterns.
- Hands-on experience with Veracode SAST — interpreting findings, understanding CWE classifications, and driving flaw closure.
- Knowledge of OWASP Top 10 and secure coding standards applicable to Windows desktop applications.
- Experience with CVSS scoring, vulnerability triage, and remediation prioritization.
- Ability to write and execute security-focused test cases to validate fixes.
- Proficiency with Git or SVN for source code version control and patch management.
- Experience with code review processes, pull requests, and collaborative development workflows.
- Familiarity with issue tracking systems such as JIRA, Azure DevOps, or GitHub Issues.
- Bachelor's or Master's degree in Computer Science, Software Engineering, Cybersecurity, or a related field.
- 8 to 9+ years of professional experience in Windows desktop application development (VB6 / .NET).
- Experience with additional languages in scope: Python , Fortran code review.