A Secure Code Auditor is responsible for reviewing source code to discover if there are any potential security weaknesses, bugs, exploits or violations of programming standards.
They can help to prevent cyber threats by exposing any weaknesses that are found in an organisation's computer source code. The ultimate objective is to stop hackers from being able to exploit data or system resources due to inadequately coded software.
The Code Security Auditor will be able to ensure that the source code analysed adheres to any up-to-date coding standards for the language, operating system or platform.
Typical job duties for the role of secure code auditor include a lead role in investigating and analysing programmed source code. They need to report on any detrimental issues that they find that make the organisation's systems more vulnerable to hackers, and must suggest corrective actions.
In order to produce the report they will need to inspect and evaluate the existing IT systems, management procedures, security protocols and controls.
More specific Security Code Auditor responsibilities may include:
1) Gain a technical knowledge of an organisation's IT Security, technology and Information Systems
As Security Code Auditor you will work with existing skilled staff, applying your IT Security skills to your review of the organisation's source code.
2) Plan and execute source code analysis
You will need to inspect all source code on a line-by-line basis, reviewing authorization, authentication, session and communication protocols for security. As part of the analysis, penetration testing may be required to help confirm vulnerabilities present in the code.
3) Plan and create a source code audit report
You will be expected to produce a source code audit report, identifying clearly any current vulnerabilities within the organisation's source code. As part of your work you will need to be able to review and evaluate third-party code and open source libraries that may be called by the organisation's code.
4) Aid in implementation of audit report recommendations
You must be able to weigh and prioritise all risk factors, interpreting your findings against your pre-defined benchmarks for IT source code security. Your role will encompass the delivery of your source code audit report to the organisation's professionals and the translation of the report findings into practical next steps that need to be taken to mitigate identified risks. The ability to educate coders and development teams in best practice around source code creation would also potentially be required of you.
Recommended upgrade paths should be clear to follow. Security weaknesses in the source code should all have been identified. Senior IT management and IT Security staff will need to be able to digest and act upon your IT Security Audit report's findings.
Your report may also feed into project planning, enabling the organisation to migrate to a more robust security infrastructure. Your report should clearly recommend the required source code changes, the correct IT security tools, threat countermeasures and other tactics to keep the organisation's data as secure from threats and exploits as possible going forward.
You need to be able to clearly and effectively communicate with and report to programmers and coding professionals as well as their managers and senior members of staff.
The job of Security Code Auditor is usually a daytime role, working an average 40 hours per week. Short-term IT Security Code Auditor Contractors and Consultants may be paid a day rate where any additional work is chargeable.
Many employers will desire a Bachelor's degree in a related field such as Computer Science, IT or a Cyber-Security related field, but this is not a necessity.
What can you expect to earn as a Security Code Auditor? The position of an IT Security Code Auditor is an important role. Salaries will of course vary depending on your experience, qualifications, the organisation and sector plus whether you are employed on a full-time, short-term Contractor or Consultant basis.
According to Simply Hired*, average salary expectations for the role of Source Code Auditor are $52,000 or £40,000 at a conversion rate of 1.3 for USD/GBP.
Sources: * Simply Hired – http://www.simplyhired.com/salaries-k-source-code-auditor-jobs.html