Security Code Reviewer (Security Engineer) with Security Clearance

Job Details

The Security Code Reviewer ensures that all code deployed within government applications and systems is secure, resilient to attacks, and compliant with best security practices. The role involves following secure coding practices across programming languages and application types. The ideal candidate will have a strong understanding of software development, security vulnerabilities, and the ability to identify and remediate risks within source code.

The Security Code Reviewer may also apply process improvement, reengineering methodologies, and internet-related principles to conduct process modernization projects. Responsibilities include transitioning organizations or project teams to achieve organizational goals through improved automated processes, supporting activity and data modeling, developing modern business methods, identifying best practices, and creating performance measurements.

Expert knowledge in the following areas is required:

• Specialized experience with Python, Go, and Java programming languages.
• Architecting and developing web applications using Python data analysis tools/libraries.
• Working with relational databases and APIs.
• Deploying applications using continuous integration tools/techniques.
• Managing and deploying Python applications in Linux.
• Reviewing code created by others, providing feedback on best practices, and identifying security vulnerabilities.
• Building JavaScript functions compatible across multiple browsers on a STIG-compliant platform.
• Version control, configuration management of web pages and supporting elements.
• Performing testing, debugging, and phased production releases.

• Perform detailed security code reviews for new and existing software applications.
• Review code for vulnerabilities, security flaws, and potential exploits.
• Identify security weaknesses related to input validation, authentication, authorization, session management, and cryptography.
• Write detection logic to identify violative content at scale.
• Work with development teams to implement secure coding practices in every sprint.
• Document security vulnerabilities and provide actionable mitigation recommendations.
• Ensure timely remediation and track progress.
• Promote secure coding practices within the development team.
• Stay updated on emerging security threats and industry trends.
• Conduct security training sessions for developers.
• Create security assessment reports and collaborate with stakeholders to prioritize security tasks.
• Utilize static and dynamic analysis tools to automate code review processes.
• Assist in developing or improving internal security scanning tools.
• Evaluate security measures and recommend improvements for future projects.
• Continuously improve the security review process to align with industry standards and regulations.

Bachelor's degree or higher with at least 6 years of experience.

The candidate should demonstrate working knowledge of:

• Software engineering principles and practices.
• Security review of software code in multiple languages (Python, Go, Java).
• Common security vulnerabilities and mitigations (e.g., OWASP Top 10, SQL Injection, XSS, CSRF).
• Secure coding practices and review methodologies.
• Static and dynamic application security testing tools.
• Encryption algorithms and cryptography standards.
• Version control systems (Git, SVN) and CI/CD pipelines.
• Security frameworks and industry standards (NIST, ISO 27001).
• Tools like JIRA/Confluence, DevOps, Agile/Scrum methodologies.

Relevant certifications such as Security+, CSD, CSSLP, CSDP are desirable.

Must possess DHS Suitability background investigation or be eligible for DHS Entry of Duty background investigation, followed by DHS Public Trust Clearance.

This position is hybrid, with travel 1-2 days weekly to Springfield, VA. Computer World Services is an equal opportunity employer committed to inclusion and providing accommodations for individuals with disabilities.