Senior Security Code Reviewer

About The Position

Requirements

• Candidates must be U.S. citizens.
• Candidates must be willing and able to work as Ashburn W-2 employees. 1099 and corp-to-corp arrangements are not permitted for these roles.
• DHS EOD / suitability is required.
• 10+ years of experience automating application security scanning processes, Zero Trust integration, and data sanitization for Government or similarly complex enterprise systems.
• Experience deploying and using Application Security Testing platforms such as Checkmarx.
• Experience automating or supporting Zero Trust Network Access (ZTNA) and Secure Web Gateway (SWG) solutions.
• Advanced security engineering experience across on-premises and cloud environments.
• Experience implementing AWS security best practices, including VPC Flow Logs, Security Lake, and audit monitoring.
• Experience building EKS clusters using Terraform and Kubernetes.
• Experience creating custom AMI builds.
• Experience integrating network security tools such as Palo Alto, AlgoSec, Gigamon, and Corelight.
• Experience reviewing, evaluating, and improving security of complex systems and networks.
• Experience with vulnerability management, SIEM integrations, certificate management, single sign-on implementations, and federal regulatory compliance.
• Demonstrated ability to lead security code reviews and conduct risk assessments.
• Experience developing OS hardening strategies, evaluating firewall policies, and implementing enterprise infrastructure monitoring solutions.
• Strong technical writing, training, and mentoring skills.
• Ability to mentor development teams in secure coding practices and align technical solutions to Government cybersecurity objectives.

Nice To Haves

• Experience with Burp Suite, Checkmarx One, PortSwigger, SonarQube, Fortify, SAST, DAST, SCA, API security testing, or IaC scanning.
• Experience integrating application security testing into CI/CD pipelines.
• Experience with secure coding practices in Java, Python, JavaScript, C#, Ruby, SQL, React, Node.js, PowerShell, Go, or similar languages.
• Experience applying OWASP, NIST, DHS, DevSecOps, and secure software lifecycle practices.
• Secure software certification preferred, such as CSSLP, GIAC secure software credential, EC-Council secure programmer certification, or comparable experience.
• Prior DHS, DOD / DOW or federal application security experience.

Responsibilities

• Conduct security code reviews and risk assessments for applications and enterprise systems.
• Use application security testing tools to identify vulnerabilities and provide remediation guidance.
• Integrate security testing into DevSecOps and CI/CD pipelines.
• Review application architecture, source code, dependencies, infrastructure-as-code, and deployment practices.
• Support secure coding standards, developer security training, and technical remediation guidance.
• Evaluate and improve cloud, network, and enterprise system security.
• Provide technical writing, reporting, and mentoring to engineering and development teams.
• Support federal cybersecurity compliance objectives and secure development lifecycle requirements.

Benefits

• Equal Opportunity Employer/Veterans/Disabled.
• An Equal Opportunity Employer.
• All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status
• Ashburn Consulting is an Equal Opportunity Affirmative Action Employer.
• In compliance with the American with Disabilities Act Amendments Act (ADAAA), if you have a disability and would like to request and accommodation in order to apply for a position with Ashburn Consulting, please e-mail [email protected].