Security Code Reviewer (Security Engineer)

Computer World Services

Springfield (VA)

Hybrid

USD 90,000 - 130,000

Full time

2 days ago

Job summary

A leading company is seeking a Security Code Reviewer to ensure secure coding practices in government applications. The role involves reviewing code for vulnerabilities, providing recommendations, and promoting secure coding within development teams. Ideal candidates will have strong knowledge of programming languages like Python, Go, and Java, along with experience in security vulnerabilities and secure coding practices. This hybrid position requires travel to the Springfield office 1-2 days a week.

Qualifications

  • 6 years of experience in software development and security.
  • Experience in reviewing security of software code in multiple programming languages.

Responsibilities

  • Perform detailed security code reviews for new and existing software applications.
  • Identify security weaknesses and provide actionable recommendations.
  • Conduct security training sessions for developers.

Skills

Python
Go
Java
Software engineering principles
Security vulnerabilities
Version control

Education

Bachelor's degree or higher

Tools

JIRA
Confluence
CI/CD pipeline
Static and dynamic application security testing tools

Job description

The Security Code Reviewer ensures that all code deployed within the government applications and systems is secure, resilient to attacks, and compliant with best security practices. The Security Code Reviewer will be responsible for following secure coding practices regardless of programming language or application of the resultant work. The ideal candidate will have a strong understanding of software development, security vulnerabilities, and an ability to identify and remediate risks within the source code.

The Security Code Reviewer may also apply process improvement, reengineering methodologies, and internet-related methodologies and principles to conduct process modernization projects. The role is responsible for transitioning existing organizations or project teams to accomplish the organization's goals or project activities and objectives through improved use of automated processes. The Security Code Reviewer may support activity and data modeling, development of modern business methods, identification of best practices, and creation and assessment of performance measurements.

Expert knowledge of the following areas is required:

  • Specialized experience with Python, Go, and Java programming languages.
  • Architecting and developing web applications using Python data analysis tools / libraries.
  • Working with relational databases and APIs.
  • Deploying applications using continuous-integration tools / techniques.
  • Experience in managing and deploying Python applications in Linux.
  • Reviews code created by other developers; provides feedback and guidance on best practices; identifies and remediates security vulnerabilities; optimizes code for efficiency and performance.
  • Excel at code version control and configuration management of existing and future web pages and supporting elements.
  • Perform testing, debugging, and phased production releases.

Key Tasks and Responsibilities

  • Perform detailed security code reviews for new and existing software applications.
  • Review code for vulnerabilities, security flaws, and potential exploits.
  • Identify security weaknesses within code related to input validation, authentication, authorization, session management, and cryptographic implementations.
  • Write detection logic to catch violative content at scale.
  • Work with development teams to ensure secure coding practices are implemented in every sprint.
  • Identify and document security vulnerabilities in source code.
  • Provide actionable recommendations to mitigate security risks, including code fixes, design adjustments, and architectural changes.
  • Ensure timely remediation of identified security issues and track the progress of resolution.
  • Promote secure coding practices and guidelines within the development team.
  • Stay current on emerging security threats, vulnerabilities, and industry trends.
  • Conduct security training sessions or workshops for developers to enhance their awareness of security vulnerabilities (e.g., OWASP Top 10).
  • Collaborate with developers, security engineers, and other stakeholders to align security objectives.
  • Create detailed security reports on code assessments and risk analysis.
  • Work with project managers and team leads to prioritize security tasks and vulnerabilities based on severity and business impact.
  • Utilize various static and dynamic analysis tools to automate security code review processes.
  • Assist in the development or improvement of internal security scanning tools and techniques.
  • Evaluate the effectiveness of security measures and recommend improvements for future projects.
  • Continuously improve the security review process and ensure it aligns with industry standards and regulatory requirements.

Education & Experience

  • Bachelor's degree or higher and 6 years of experience

The ideal candidate should be able to demonstrate working knowledge of several of the following concepts or technologies:

  • Software engineering principles and practices in areas such as requirements, design, construction, testing, maintenance, and configuration management.
  • Proven experience in reviewing security of software code in multiple programming languages (e.g., Python, Go, Java, etc.) within front and back-end system environments.
  • In-depth knowledge of common security vulnerabilities and their mitigations (e.g., OWASP Top 10, SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), etc.).
  • Experience with secure coding practices and code review methodologies.
  • Familiarity with static and dynamic application security testing tools.
  • Strong understanding of encryption algorithms and cryptography standards.
  • Familiarity with version control systems (e.g., Git, SVN) and CI / CD pipeline integration.
  • Experience with security frameworks and industry best practices (e.g., NIST, ISO 27001, etc.).
  • JIRA / Confluence
  • DevOps

Certifications

  • Relevant commercial certifications desired (Security+, Certified Scrum Developer (CSD), Certified Secure Software Lifecycle Professional (CSSLP), Certified Software Development Professional (CSDP), etc.)

Security Clearance

  • Candidate must possess DHS Suitability background investigation or be eligible to qualify for DHS Entry of Duty background investigation followed by DHS Public Trust Clearance.

Other (Travel, Work Environment, DoD 8570 Requirements, Administrative Notes, etc.)

  • This position is a hybrid role with traveling 1 to 2 days a week to the Springfield, VA office.

Computer World Services is an affirmative action and equal employment opportunity employer. Current employees and / or qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, disability, protected veteran status, genetic information or any other characteristic protected by local, state, or federal laws, rules, or regulations.

Computer World Services is committed to the full inclusion of all qualified individuals. As part of this commitment, Computer World Services will ensure that individuals with disabilities (IWD) are provided reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and / or to receive other benefits and privileges of employment, please contact Aaron McClellan in Human Resources at 314.952.5138 or
