Code Reviewer, Software Assurance - Senior

Posted about 1 month ago
United States | Full-Time | Software Assurance
Company: Aretum
Location: United States
Languages: English
Seniority level: Senior, 10+ years
Experience: 10+ years
Skills:
Python, Software Development, Cybersecurity, Java, JavaScript, C#, CI/CD, DevOps, Risk Management
Requirements:
Master’s degree in Computer Science, Software Engineering, Cybersecurity, or related field
10+ years of professional software development experience
Strong proficiency in at least two major programming languages (e.g., Java, C#, Python, JavaScript)
7+ years of hands-on code review and static analysis experience using tools such as Fortify SCA, CodeQL, or equivalent
Proven expertise in secure coding practices and application security frameworks, including OWASP Top 10, CWE/SANS, and threat modeling
Strong knowledge of SDLC, DevSecOps practices, and CI/CD integration for automated security testing
Background in cybersecurity and risk management
Ability to evaluate business impact and risk prioritization
Experience managing high-volume code review workflows and balancing competing priorities
Excellent communication skills, with the ability to convey technical findings clearly to both technical and non-technical stakeholders
Strong analytical and problem-solving skills, with attention to detail and commitment to high-quality work
Responsibilities:
Conduct detailed manual and automated code reviews to identify security, quality, and compliance issues
Interface with customers on an as-needed basis to provide support and aid in inquiries
Perform peer reviews of Software Assurance Team members on secure code practices
Maintain and improve internal procedures and knowledge bases for secure code analysis
Utilize industry-standard tools (e.g., Fortify SCA, CodeQL, SonarQube) to perform static code analysis and interpret results
Prioritize large backlog of code review requests, ensuring timely and accurate assessments
Provide guidance to developers and security analysts on secure coding standards and remediation best practices
Collaborate with cross-functional teams including software engineers, program managers, and security teams
Maintain detailed documentation of findings, associated risks, and mitigation strategies for customer-facing reports
Perform threat modeling and risk analysis to contextualize vulnerabilities and recommend mitigation steps
Stay current with emerging technologies, vulnerabilities, and industry standards
Attend and actively participate in meetings
Continuously improve code review processes and tool effectiveness through metrics and feedback loops