Sr. Code Reviewer, Software Assurance
Location: Remote (CST or EST)
Clearance Requirement: Must be able to pass a Government Security Background Check
Position Summary
Veterans Engineering is seeking a highly skilled and experienced Sr. Code Reviewer – Software Assurance to review the code review reports published by a team of Software Assurance Analysts, who are responsible for analyzing custom-developed software for security and quality flaws. The ideal candidate will bring a strong software development background, hands-on experience with code scanning tools (Fortify and CodeQL), and proven experience in managing large backlogs of code reviews and guiding secure development practices. This role plays a critical part in maintaining high standards of software security, compliance, and documentation across the development lifecycle. You will work closely with cross-functional customer teams including developers, program managers, security engineers, project managers, and stakeholders.
Key Responsibilities
- Lead detailed manual and automated code reviews from 4+ Software Assurance Analysts to identify security, quality, and compliance issues across custom-developed applications.
- Directly interface with customer leadership on an as-needed basis to support customer initiatives.
- Mentor and support a team of Software Assurance Analysts on secure code practices.
- Maintain and improve internal procedures and knowledgebases for secure code analysis.
- Utilize industry-standard tools (e.g., Fortify SCA, CodeQL, SonarQube) to perform static code analysis and interpret results.
- Prioritize and manage a large backlog of code review requests, ensuring timely and accurate assessments.
- Provide expert guidance to developers and security analysts on secure coding standards and remediation best practices.
- Collaborate with cross-functional teams including software engineers, program managers, and security teams to ensure alignment with security and quality objectives.
- Maintain detailed documentation of findings, associated risks, and mitigation strategies for customer-facing reports.
- Perform threat modeling and risk analysis to contextualize vulnerabilities and recommend mitigation steps.
- Conduct secure code training and knowledge-sharing sessions to upskill Software Assurance Team members.
- Stay current with emerging technologies, vulnerabilities, and industry standards (e.g., OWASP, NIST, ISO).
- Continuously improve code review processes and tool effectiveness through metrics and feedback loops.
Required Qualifications
- Bachelor’s degree in Computer Science, Software Engineering, Cybersecurity, or related field (Master’s preferred).
- 8+ years of professional software development experience with strong proficiency in at least two major programming languages (e.g., Java, C#, Python, JavaScript).
- 5+ years of hands-on code review and static analysis experience using tools such as Fortify SCA, CodeQL, or equivalent.
- Proven expertise in secure coding practices and application security frameworks, including OWASP Top 10, CWE/SANS, and threat modeling.
- Strong knowledge of SDLC, DevSecOps practices, and CI/CD integration for automated security testing.
- Background in cybersecurity and risk management, with the ability to evaluate business impact and risk prioritization.
- Experience managing high-volume code review workflows and balancing competing priorities.
- Excellent communication skills, with the ability to convey technical findings clearly to both technical and non-technical stakeholders.
- Certifications strongly preferred: one or more of the following – CISSP, CSSLP, GWAPT, OSWE, or similar.
- Strong analytical and problem-solving skills, with attention to detail and commitment to high-quality work.
Preferred Qualifications
- U.S. Citizen (due to government clearance requirements)
- Bachelor's or Master's degree in Computer Science
- Must be able to pass a government background investigation
- Leadership or mentorship experience in secure software development teams