Job Description
We are looking for a Cybersecurity Code Reviewer - Senior to join our client’s team in support of a large cyber security program with their federal customer.
This is a remote position within the United States. Occasional onsite support in the Washington, DC metro area may be required. This is a direct hire role with our client with an anticipated salary range of $150-180k.
Responsibilities Include:
- Performing security activities associated with reviewing source code, both developed in-house and open source.
- Analysis and testing of legacy custom software, web and mobile code, database code, and potentially assembly-level issues across an application inventory that includes new and legacy systems with complex data flows.
- Scanning code, analyzing results, and communicating findings and possible resolutions to development teams and diverse stakeholders, including auditors and managers.
Required Education and Certifications:
- US Citizenship is required. Must be able to obtain a federal agency-specific Public Trust / Suitability clearance prior to starting.
- Bachelor’s degree in Systems Engineering, Computer Science, Information Systems or a related technical field, or an equivalent combination of education and experience, is required.
- Must have and maintain at least one (1) of the following certifications:
- EC-Council Certified Secure Programmer,
- Certified Secure Software Lifecycle Professional (CSSLP),
- SANS Global Information Assurance Certification (GIAC), or
- Secure Software Programmer (.NET or JAVA HP ATP – Fortify Security V1).
Required Experience, Skills, and Qualifications:
- Five (5) + years of experience in IT Software Development.
- Three (3) + years specialized experience in performing Secure Code reviews.
- Proficient at scanning code, analyzing results, and communicating findings and possible resolutions to development teams and diverse stakeholders (auditors, managers, etc.).
- Working knowledge of DevSecOps and development pipeline integration and automation.
- Must be proficient in analyzing and testing web applications developed in at least two (2) of the following:
- Java, C, C#, C++, Python, ColdFusion, Ruby, Swift, Objective C, HTML5, SQL, PLSQL, Visual Basic, Go, Scala, React, Node.js, PowerShell, Shell, Perl.
- Experience providing analysis of legacy custom software, web and mobile code, database code, and potentially assembly-level issues across an application inventory that includes new and legacy systems with complex data flows.
- Experience utilizing static and dynamic code scanning tools such as HPE Fortify Software Security Center, HPE WebInspect Enterprise, and Sonatype IQ Server to perform security assessments.
- Expertise in conducting code reviews of all code changes in a given application release, providing both a detailed risk analysis of the security posture of the code and technical programming solutions (secure coding standards) to developers so that insecure code is not implemented.
- Prior experience in unraveling legacy code issues to facilitate upgrade and migration to newer systems.
- Experience conducting market research to identify and implement new tools that provide better code analysis or support additional languages.
- Experience identifying false positives, and documenting and reporting on the overall quality of source code from a security perspective.
Desired Skills, Experience, and Qualifications:
- Experience supporting DHS agencies. A current DHS clearance is desired.
- Ability to demonstrate and explain technical concepts to both technical and non-technical audiences.
- Able to clearly communicate with both customers and teammates and provide recommendations for improvements to existing software applications.