
Senior Security Code Reviewer

Job

Ashburn Consulting

Camp Springs, MD (In Person)

Full-Time

Posted 3 days ago (Updated 15 hours ago) • Actively hiring

Expires 7/4/2026

Job Description

Ashburn is seeking a Senior Security Code Reviewer to support a federal cybersecurity architecture opportunity. This Key Personnel role will lead application security testing, secure code review, DevSecOps pipeline integration, secure development guidance, risk assessments, and cloud/network security evaluation for a proposal opportunity.

Primary Responsibilities

- Conduct security code reviews and risk assessments for applications and enterprise systems.
- Use application security testing tools to identify vulnerabilities and provide remediation guidance.
- Integrate security testing into DevSecOps and CI/CD pipelines.
- Review application architecture, source code, dependencies, infrastructure-as-code, and deployment practices.
- Support secure coding standards, developer security training, and technical remediation guidance.
- Evaluate and improve cloud, network, and enterprise system security.
- Provide technical writing, reporting, and mentoring to engineering and development teams.
- Support federal cybersecurity compliance objectives and secure development lifecycle requirements.

Qualifications

Required Qualifications

- Candidates must be willing and able to work as Ashburn W-2 employees. 1099 and corp-to-corp arrangements are not permitted for these roles.
- DHS EOD / suitability is required.
- 10+ years of experience automating application security scanning processes, Zero Trust integration, and data sanitization for Government or similarly complex enterprise systems.
- Experience deploying and using Application Security Testing platforms such as Checkmarx.
- Experience automating or supporting Zero Trust Network Access (ZTNA) and Secure Web Gateway (SWG) solutions.
- Advanced security engineering experience across on-premises and cloud environments.
- Experience implementing AWS security best practices, including VPC Flow Logs, Security Lake, and audit monitoring.
- Experience building EKS clusters using Terraform and Kubernetes.
- Experience creating custom hardened AMI builds.
- Experience integrating network security tools such as Palo Alto, AlgoSec, Gigamon, and Corelight.
- Experience reviewing, evaluating, and improving security of complex systems and networks.
- Experience with vulnerability management, SIEM integrations, certificate management, single sign-on implementations, and federal regulatory compliance.
- Demonstrated ability to lead security code reviews and conduct risk assessments.
- Experience developing OS hardening strategies, evaluating firewall policies, and implementing enterprise infrastructure monitoring solutions.
- Strong technical writing, training, and mentoring skills.
- Ability to mentor development teams in secure coding practices and align technical solutions to Government cybersecurity objectives.

Preferred / Strongly Desired Qualifications

- Experience with Burp Suite, Checkmarx One, PortSwigger, SonarQube, Fortify, SAST, DAST, SCA, API security testing, or IaC scanning.
- Experience integrating application security testing into CI/CD pipelines.
- Experience with secure coding practices in Java, Python, JavaScript, C#, Ruby, SQL, React, Node.js, PowerShell, Go, or similar languages.
- Experience applying OWASP, NIST, DHS, DevSecOps, and secure software lifecycle practices.
- Secure software certification preferred, such as CSSLP, GIAC secure software credential, EC-Council secure programmer certification, or comparable experience.
- Prior DHS, DOD / DOW or federal application security experience.