Authority Partners is seeking a Senior Code Reviewer for a specialist security and quality gate role on an AI Native platform engagement. This role exists specifically because of the AI Native delivery model — you do not build features, you gate the security and test quality of what AI agents produce. As the third member of the mandatory 3-person review panel, you own the security anti-pattern dimension on all identity, payment, and video authentication code, run SAST tooling across every PR, and audit AI-generated test suites for structural completeness.
Requirements:
- 6+ years of security engineering or senior backend engineering with a strong security focus
- OWASP Top 10 at code review depth: practical identification of SQL injection via ORM misuse, XSS in React Server Components, CSRF on mutation endpoints, SSRF in HTTP clients, broken object-level authorisation in TypeScript/Node.js and Next.js
- OAuth 2.0 and OIDC security review: algorithm confusion attacks, missing audience/issuer validation, incorrect token lifetime, refresh token theft, PKCE enforcement failures in AI-generated authentication middleware
- Direct experience reviewing AI-generated code in a production context: understanding AI code failure modes, hallucinated API usage, tautological assertions, happy-path-only coverage, security logic in the wrong layer
- Hands-on SAST tool experience (Semgrep, SonarQube, Snyk, or equivalent): writing custom rules, triaging findings, distinguishing true positives from false positives in a TypeScript monorepo
- Experience auditing test suites for structural completeness: identifying missing edge cases, incorrect assertions, and compliance scenario gaps in AI-generated test output
Nice to Have:
- Stryker mutation testing setup for TypeScript: configuration, survivor analysis, CI/CD integration as a blocking gate
- Keycloak security review: overly permissive RBAC policies, incorrect public vs. confidential client configuration, missing PKCE enforcement, session fixation vulnerabilities
- Stripe integration security review: webhook signature verification, PCI-DSS surface minimisation, double-charge prevention, idempotency key discipline
- Property-based testing with fast-check for TypeScript: financial calculation functions and entitlement matrix logic
- Penetration testing coordination: preparing platforms for third-party pen testing and remediating findings
AP Perks:
- Most cutting-edge technologies
- Opportunity to work with people who are at the top of their field
- Great culture and environment
- Competitive remuneration package. We reward excellence.
- Referral bonus
- Career growth
- Collaborative learning environment
- Mentorship programs
- Professional training
About Authority Partners:
Authority Partners is a leading global IT services company with over 27 years of experience, serving clients across the financial, healthcare, insurance, mortgage, and technology sectors, among others. We are committed to building relationships with IT professionals who possess integrity, dedication, teamwork, and the desire to learn and grow with us. We specialize in placement for long-term contracts and permanent opportunities, and in helping our consultants achieve career success.
Authority Partners is an equal opportunity employer and is committed to providing a workplace that is free from all types of discrimination, as well as from abusive or offensive behavior and harassment.