Job Description
We are looking for a Senior Security Code Reviewer to join our client’s team in support of a large cyber security program with their federal customer. In this role, you will be responsible for performing security activities associated with reviewing source code, both developed in-house and open source. You will be responsible for the analysis of legacy custom software, web mobile code, database code, and potentially assembly-level issues in application inventory that includes new and legacy systems with complex data flows.
This is a remote position with periodic onsite support in the Washington, DC metro area as required. This is a direct hire role with our client with an anticipated salary range of $150-180k.
Required Experience, Education, and Certifications:
- US Citizenship is required. Must be able to obtain a federal agency-specific Public Trust / Suitability clearance prior to starting.
- Bachelor’s degree in Systems Engineering, Computer Science, Information Systems, or a related technical field (or a related combination of education and experience) is required.
- Must have and maintain at least one of the following certifications:
  - EC-Council Certified Secure Programmer,
  - Certified Secure Software Lifecycle Professional (CSSLP),
  - SANS Global Information Assurance Certification (GIAC), or
  - Secure Software Programmer (.NET or JAVA HP ATP – Fortify Security V1).
- 5+ years of experience in IT Software Development.
- 3+ years specialized experience in performing Secure Code reviews.
- Experience with providing analysis of legacy custom software, web mobile code, database code and potentially assembly-level issues in application inventory that includes new and legacy systems with complex data flows.
- Experience utilizing static and dynamic code scanning tools like HPE Fortify Software Security Center, HPE WebInspect Enterprise, and Sonatype IQ Server to perform security assessments.
- Expertise in conducting code reviews for all code changes for a given application release, providing both a detailed risk analysis of the security posture of the code and technical programming solutions (secure coding standards) to the developers to mitigate insecure code from being implemented.
- Prior experience in unraveling legacy code issues to facilitate upgrade and migration to newer systems.
- Experience in conducting market research to identify and implement new tools that provide better code analysis or support languages.
- Experience with identifying false positives, and documenting and reporting on overall quality of source code from a security perspective.
Required Skills and Qualifications:
- Working knowledge in writing and correcting coding mistakes for source code written in languages like Java, Ruby, C#, JavaScript, PHP, Perl, Python, PowerShell, Go.
- Working knowledge of DevSecOps and development pipeline integration and automation.
Desired Skills, Experience, and Qualifications:
- Experience supporting DHS Agencies. A current DHS Clearance is desired.
- Ability to demonstrate and explain technical concepts to both technical and non-technical audiences.
- Able to clearly communicate with both customers and teammates and provide recommendations for improvements to existing software applications.