Sr. Security Code Reviewer

Company:
Zen Strategics LLC
Location:
Wolf Trap, VA, 22182
Posted:
April 22, 2024
Description:

As a Senior Security Code Reviewer at Zen Strategics, you will be supporting the mission of a progressive Federal agency. You will perform security activities associated with reviewing source code, both developed in-house and open source, used in the Federal organization’s applications. The successful candidate will provide analysis of legacy custom software, web mobile code, database code, and potentially assembly-level issues in an application inventory that includes new and legacy systems with complex data flows.

Requirements:

· Experience with providing analysis of legacy custom software, web mobile code, database code and potentially assembly-level issues in an application inventory that includes new and legacy systems with complex data flows.

· Experience utilizing static and dynamic code scanning tools like HPe Fortify Software Security Center, HPe Web Inspect Enterprise, and Sonatype IQ Server to perform security assessments.

· Working knowledge in writing and correcting coding mistakes for source code written in languages like Java, Ruby, C#, JavaScript, PHP, Perl, Python, PowerShell, Go.

· Expertise in conducting code reviews for all code changes for a given application release, providing both a detailed risk analysis of the security posture of the code and technical programming solutions (secure coding standards) to the developers to mitigate insecure code from being implemented.

· Prior experience in unraveling legacy code issues to facilitate upgrade and migration to newer systems.

· Experience in conducting market research to identify and implement new tools that provide better code analysis or support languages.

· Experience with identifying false positives, and documenting and reporting on the overall quality of source code from a security perspective.

· Working knowledge of DevSecOps and development pipeline integration and automation.

Desired Skills:

Experience supporting DHS Agencies.

Ability to demonstrate and explain technical concepts to both technical and non-technical audiences.

Able to clearly communicate with both customers and teammates and provide recommendations for improvements to existing software applications.

Years of Experience: Minimum of 5 years of experience in IT Software Development, and 3 years specialized experience in performing Secure Code reviews.

Education: Bachelor’s degree in Systems Engineering, Computer Science, Information Systems or a related technical field, or a combination of education and experience, is required.

Certifications: Contractors shall have ONE of the following active certifications:

· EC-Council Certified Secure Programmer

· Certified Secure Software Lifecycle Professional (CSSLP)

· SANS Global Information Assurance Certification (GIAC)

· Secure Software Programmer (.NET or JAVA HP ATP – Fortify Security V1)

Location: This position can be staffed at the Government’s facility within the Washington D.C. Metropolitan Area or at any location in the United States, with a requirement for occasional travel to the government facility in the DC Area.

Clearance: Must be a US Citizen and able to obtain a Government Agency clearance.
