Cybersecurity Code Reviewer - Senior Job at Shedd RS, Remote

  • Shedd RS
  • Remote

Job Description

We are looking for a Cybersecurity Code Reviewer - Senior to join our client’s team in support of a large cyber security program with their federal customer. 

This is a remote position within the United States. Occasional onsite support in the Washington, DC metro area may be required. This is a direct hire role with our client with an anticipated salary range of $150-180k.

Responsibilities Include:
  • Performing security activities associated with reviewing source code, both developed in-house and open source.
  • Analysis and testing of legacy custom software, web and mobile code, database code, and potentially assembly-level issues in an application inventory that includes new and legacy systems with complex data flows.
  • Scanning code, analyzing results, and communicating findings and possible resolutions to development teams and diverse stakeholders, including auditors and managers.
Required Education and Certifications:
  • US Citizenship is required. Must be able to obtain a federal agency-specific Public Trust / Suitability clearance prior to starting.
  • Bachelor’s degree in Systems Engineering, Computer Science, Information Systems, or a related technical field (or a related combination of education and experience) is required.
  • Must have and maintain at least one (1) of the following certifications:
    • EC-Council Certified Secure Programmer,
    • Certified Secure Software Lifecycle Professional (CSSLP),
    • SANS Global Information Assurance Certification (GIAC), or
    • Secure Software Programmer (.NET or JAVA HP ATP – Fortify Security V1).
Required Experience, Skills, and Qualifications:
  • Five (5)+ years of experience in IT software development.
  • Three (3)+ years of specialized experience in performing secure code reviews.
  • Proficient at scanning code, analyzing results, and communicating findings and possible resolutions to development teams and diverse stakeholders (auditors, managers, etc.).
  • Working knowledge of DevSecOps and development pipeline integration and automation.
  • Must be proficient in analyzing and testing web applications developed in at least two (2) of the following languages listed below:
    • Java, C, C#, C++, Python, ColdFusion, Ruby, Swift, Objective C, HTML5, SQL, PLSQL, Visual Basic, Go, Scala, React, Node.js, PowerShell, Shell, Perl.
  • Experience with providing analysis of legacy custom software, web and mobile code, database code, and potentially assembly-level issues in an application inventory that includes new and legacy systems with complex data flows.
  • Experience utilizing static and dynamic code scanning tools such as HPE Fortify Software Security Center, HPE WebInspect Enterprise, and Sonatype IQ Server to perform security assessments.
  • Expertise in conducting code reviews for all code changes for a given application release, providing both a detailed risk analysis of the security posture of the code and technical programming solutions (secure coding standards) to the developers to mitigate insecure code from being implemented.
  • Prior experience in unraveling legacy code issues to facilitate upgrade and migration to newer systems.
  • Experience in conducting market research to identify and implement new tools that provide better code analysis or support languages.
  • Experience with identifying false positives, and with documenting and reporting on the overall quality of source code from a security perspective.
Desired Skills, Experience, and Qualifications:
  • Experience supporting DHS Agencies. A current DHS Clearance is desired.
  • Ability to demonstrate and explain technical concepts to both technical and non-technical audiences.
  • Able to clearly communicate with both customers and teammates and provide recommendations for improvements to existing software applications.
