Job Description
Ashburn is seeking a Senior Security Code Reviewer to support a federal cybersecurity
architecture opportunity. This Key Personnel role will lead application security testing,
secure code review, DevSecOps pipeline integration, secure development guidance, risk
assessments, and cloud/network security evaluation for a proposal opportunity.
Primary Responsibilities
• Conduct security code reviews and risk assessments for applications and
enterprise systems.
• Use application security testing tools to identify vulnerabilities and provide
remediation guidance.
• Integrate security testing into DevSecOps and CI/CD pipelines.
• Review application architecture, source code, dependencies,
infrastructure-as-code, and deployment practices.
• Support secure coding standards, developer security training, and technical
remediation guidance.
• Evaluate and improve cloud, network, and enterprise system security.
• Provide technical writing, reporting, and mentoring to engineering and development
teams.
• Support federal cybersecurity compliance objectives and secure development
lifecycle requirements.
Qualifications
Required Qualifications
• Candidates must be willing and able to work as Ashburn W-2 employees. 1099 and
corp-to-corp arrangements are not permitted for these roles.
• DHS EOD / suitability is required.
• 10+ years of experience automating application security scanning processes, Zero
Trust integration, and data sanitization for Government or similarly complex
enterprise systems.
• Experience deploying and using Application Security Testing platforms such as
Checkmarx.
• Experience automating or supporting Zero Trust Network Access (ZTNA) and Secure
Web Gateway (SWG) solutions.
• Advanced security engineering experience across on-premises and cloud
environments.
• Experience implementing AWS security best practices, including VPC Flow Logs,
Security Lake, and audit monitoring.
• Experience building EKS clusters using Terraform and Kubernetes.
• Experience creating custom hardened AMI builds.
• Experience integrating network security tools such as Palo Alto, AlgoSec, Gigamon,
and Corelight.
• Experience reviewing, evaluating, and improving security of complex systems and
networks.
• Experience with vulnerability management, SIEM integrations, certificate
management, single sign-on implementations, and federal regulatory compliance.
• Demonstrated ability to lead security code reviews and conduct risk assessments.
• Experience developing OS hardening strategies, evaluating firewall policies, and
implementing enterprise infrastructure monitoring solutions.
• Strong technical writing, training, and mentoring skills.
• Ability to mentor development teams in secure coding practices and align technical
solutions to Government cybersecurity objectives.
Preferred / Strongly Desired Qualifications
• Experience with Burp Suite, Checkmarx One, PortSwigger, SonarQube, Fortify, SAST,
DAST, SCA, API security testing, or IaC scanning.
• Experience integrating application security testing into CI/CD pipelines.
• Experience with secure coding practices in Java, Python, JavaScript, C#, Ruby, SQL,
React, Node.js, PowerShell, Go, or similar languages.
• Experience applying OWASP, NIST, DHS, DevSecOps, and secure software lifecycle
practices.
• Secure software certification preferred, such as CSSLP, GIAC secure software
credential, EC-Council secure programmer certification, or comparable experience.
• Prior DHS, DOD / DOW or federal application security experience.