Veterans Engineering is seeking a Code Reviewer, Software Assurance to perform code scan reviews and analyze custom-developed software for security and quality flaws to maintain high standards of software security, compliance, and documentation.
Requirements
- 10+ years of professional software development experience with strong proficiency in at least two major programming languages (e.g., Java, C-Sharp, Python, JavaScript).
- 7+ years of hands-on code review and static analysis experience using tools such as Fortify SCA, CodeQL, or equivalent.
- Proven expertise in secure coding practices and application security frameworks, including OWASP Top 10, CWE/SANS, and threat modeling.
- Strong knowledge of SDLC, DevSecOps practices, and CI/CD integration for automated security testing.
- Background in cybersecurity and risk management, with the ability to evaluate business impact and risk prioritization.
- Experience managing high-volume code review workflows and balancing competing priorities.
Responsibilities
- Conduct detailed manual and automated code reviews to identify security, quality, and compliance issues across custom-developed applications.
- Utilize industry-standard tools (e.g., Fortify SCA, CodeQL, SonarQube) to perform static code analysis and interpret results.
- Prioritize a large backlog of code review requests, ensuring timely and accurate assessments.
- Provide guidance to developers and security analysts on secure coding standards and remediation best practices.
- Maintain detailed documentation of findings, associated risks, and mitigation strategies for customer-facing reports.
- Perform threat modeling and risk analysis to contextualize vulnerabilities and recommend mitigation steps.
- Continuously improve code review processes and tool effectiveness through metrics and feedback loops.
Other
- Master’s degree in Computer Science, Software Engineering, Cybersecurity, or related field.
- Interface with customers on an as-needed basis to provide support, enable customer initiatives, and aid in inquiries.
- Collaborate with cross-functional teams including software engineers, program managers, and security teams to ensure alignment with security and quality objectives.
- Stay current with emerging technologies, vulnerabilities, and industry standards (e.g., OWASP, NIST, ISO).
- Attend and actively participate in meetings.
- Occasional travel may be required based on project needs, client meetings, team collaboration events, or training sessions. Travel is expected to be less than 10% and will be communicated in advance whenever possible.
- Due to federal contract requirements, only U.S. citizens are eligible for this position. This position supports a federal government contract and requires the ability to obtain and maintain a Public Trust or Suitability Determination, depending on the agency’s background investigation requirements.