Windows Application Security Developer
Location: Atlanta, GA
Duration: 6-12 months
Skills needed: Windows application development & security, Veracode Remediation | VB6 / C# / VB.NET | Fortran | Python | .NET Framework | SQL Server | SQL | Veracode | Windows Desktop
ROLE
We are seeking an experienced Application Security Developer to lead the remediation of security vulnerabilities in a legacy Windows application.
The primary focus is on resolving High and Critical severity findings - specifically Command Injection and SQL Injection - across a mixed-language Windows desktop application codebase.
The ideal candidate brings deep expertise in legacy VB6 development, modern .NET (C# and/or VB.NET), secure coding practices, and hands-on experience interpreting and fixing Veracode findings.
This is a security-first development role requiring both strong technical skills and a methodical approach to vulnerability triage, remediation, and validation.
SYSTEM & APPLICATION CONTEXT
| Component | Technology | Notes |
| --- | --- | --- |
| Primary Language | Visual Basic 6 (VB6) | Legacy codebase; primary source of Veracode findings |
| Additional Languages | C#, VB.NET (.NET Framework) | Windows Forms modules; subject to SAST scans |
| Supporting Languages | Fortran, Python | Peripheral components; may have ancillary findings |
| UI Framework | Windows Forms (.NET Framework) | Input/output surfaces; injection risk areas |
| Database | SQL Server / SQL (ADO/ADO.NET) | Parameterized query remediation required |
| Platform | Windows OS (7 / 10 / 11) | Desktop deployment; MSI packaging |
| SAST Tool | Veracode | Source of all vulnerability findings for this role |
- Interpret Veracode SAST reports - understand CWE classifications, flaw categories, and severity scoring.
- Triage High and Critical findings by exploitability, business impact, and remediation complexity.
- Map each Veracode finding to the relevant source code module - VB6, C#, VB.NET, SQL, Python, or Fortran.
- Prioritize remediation backlog and communicate status to stakeholders and auditors.
- Identify and fix OS command injection vulnerabilities across VB6 and .NET components.
- Identify and fix SQL injection vulnerabilities in VB6, .NET, and any dynamic SQL construction patterns.
- Work within the VB6 codebase - Windows API calls, ActiveX components, and VB6-specific security pitfalls.
- Rebuild applications after applying patches - manage dependencies, resolve build errors, and validate successful compilation.
- Perform unit-level and integration-level testing for each patched module.
- Execute Veracode rescans to confirm vulnerability resolution and track flaw closure rate.
- Conduct regression testing to ensure no functional degradation, performance impact, or breaking changes.
- Maintain documentation: root cause analysis, code changes, testing approach, and residual risk per finding.
REQUIRED SKILLS & EXPERIENCE
- Strong hands-on experience with Visual Basic 6 (VB6) - including ADO, Windows API, ActiveX, and VB6 IDE.
- Proficiency in C# and/or VB.NET on .NET Framework - Windows Forms development and data access.
- Deep understanding of SQL injection (remediation: parameterized queries, stored procedures, input validation).
- Proven experience fixing command injection: input sanitization, allowlisting, safe execution patterns.
- Hands-on experience with Veracode SAST - interpreting findings, understanding CWE classifications, and driving flaw closure.
- Knowledge of OWASP Top 10 and secure coding standards applicable to Windows desktop applications.
- Experience with CVSS scoring, vulnerability triage, and remediation prioritization.
- Ability to write and execute security-focused test cases to validate fixes.
- Proficiency with Git or SVN for source code version control and patch management.
- Experience with code review processes, pull requests, and collaborative development workflows.
- Familiarity with issue tracking systems such as JIRA, Azure DevOps, or GitHub Issues.
- Bachelor's or Master's degree in Computer Science, Software Engineering, Cybersecurity, or a related field.
- 8 to 9+ years of professional experience in Windows desktop application development (VB6 / .NET).
- Experience with additional languages in scope: Python, Fortran code review.