Senior Code Reviewer, Software Assurance

Job not on LinkedIn

November 6

⚔️ Virginia – Remote

Although this job is listed in Virginia, this company may be open to hiring remote in other states.

⏰ Full Time

🟠 Senior

🔒 Insurance

Apply Now

Receive Emails with Similar Jobs

ARETUM

WebsiteLinkedInAll Job Openings

Government • Cybersecurity • Enterprise

ARETUM is a leading government contracting company specializing in technology-enabled mission support services for the Department of Defense, Department of Homeland Security, and Federal-Civilian customers. ARETUM provides leading-edge solutions and services focusing on Next Generation Analytics, Engineering Services, Training Services, IT Services, Cyber Security, PMO Support, and Financial Consulting. The company supports federal government missions and initiatives globally and is a prime contractor on numerous contracts.

501 - 1000 employees

🏛️ Government

🔒 Cybersecurity

🏢 Enterprise

📋 Description

• Conduct detailed manual and automated code reviews to identify security, quality, and compliance issues across custom-developed applications. • Interface with customers on an as needed basis to provide support, enable customer initiatives, and aid in inquiries. • Perform peer reviews of Software Assurance Team members on secure code practices. • Maintain and improve internal procedures and knowledgebases for secure code analysis. • Utilize industry-standard tools (e.g., Fortify SCA, CodeQL, SonarQube) to perform static code analysis and interpret results. • Prioritize large backlog of code review requests, ensuring timely and accurate assessments. • Provide guidance to developers and security analysts on secure coding standards and remediation best practices. • Collaborate with cross-functional teams including software engineers, program managers, and security teams to ensure alignment with security and quality objectives. • Maintain detailed documentation of findings, associate risks, and mitigation strategies for customer-facing reports. • Perform threat modeling and risk analysis to contextualize vulnerabilities and recommend mitigation steps. • Stay current with emerging technologies, vulnerabilities, and industry standards (e.g., OWASP, NIST, ISO). • Attend and actively participate in meetings. • Continuously improve code review processes and tool effectiveness through metrics and feedback loops.

🎯 Requirements

• Master’s degree in Computer Science, Software Engineering, Cybersecurity, or related field. • 10+ years of professional software development experience with strong proficiency in at least two major programming languages (e.g., Java, C#, Python, JavaScript). • 7+ years of hands-on code review and static analysis experience using tools such as Fortify SCA, CodeQL, or equivalent. • Proven expertise in secure coding practices and application security frameworks, including OWASP Top 10, CWE/SANS, and threat modeling. • Strong knowledge of SDLC, DevSecOps practices, and CI/CD integration for automated security testing. • Background in cybersecurity and risk management, with the ability to evaluate business impact and risk prioritization. • Experience managing high-volume code review workflows and balancing competing priorities. • Excellent communication skills, with the ability to convey technical findings clearly to both technical and non-technical stakeholders. • Strong analytical and problem-solving skills, with attention to detail and commitment to high-quality work.