Bikonja
7y

They tell me to only review security in the security reviews I'm doing (and if I bring to attention that they're implementing a weak encryption so even though they're not using it at the moment it might cause issues so be careful with that they say to only review security 😵) and then I see this mssql in a where:
AND ISNULL(field, 0) IS NULL
And I think wtf, should I report that? I did and it's a bug and they're thanking me now....
God dammit it's hard to "review security" here...

Comments
  • 1
    How did you land that security job? Want to find one myself 😃
  • 1
    @linuxxx it's not a security job, I'm a regular developer certified (loosely) in security and I guess the payment gateway team are not allowed to do their own security reviews or something so a few of us that are certified and work in other teams do the security reviews for them. Which is a nice change of pace when I have a security review, but sometimes it's just going through shitty code which pretty much just changes some historic data to fix it. And then if you see that they're changing something suspect and raise it you're told to only look at the security of the code 😖
    But yeah, when it's nice code it's nice to actually check it for security.
    To take a break from the regular bugs and urgent change requests that break everything :)
  • 1
    @Bikonja Ah fair enough, thanks