By Light HQ

Security Code Reviewer, Senior

Job Locations US-DC | US-Remote
Posted Date 1 year ago (5/23/2020 11:27 AM)


By Light is seeking a Senior Security Code Reviewer to join our team in a proposal to support the U.S. Citizenship and Immigration Services (USCIS) with Cyber Security Defense Services (CSDS). The scope of the project involves protecting USCIS' IT infrastructure and resources, information systems, and the information used in these environments from cybersecurity threats.


Current SEB operations include: deploying and operating cyber security tools, reviewing USCIS source code, assessing the security and effectiveness of USCIS systems, security tools and processes, providing security engineering expertise to other OIT divisions, securing USCIS Networks, operating the USCIS vulnerability management program, and developing and deploying solutions to automate security compliance for USCIS systems hosted in cloud environments.


Our team will assess, architect, implement, deploy, and operate solutions for capturing security relevant information (e.g. log data, NetFlow data), and analyzing it to identify markers, patterns, and anomalies that indicate intrusions, lateral movement, command and control, data exfiltration, or other security issues. We will operate the USCIS Security Event and Incident Management (SIEM) tool, and work collaboratively with development and operational teams to set and implement standards for logging. The system currently in use is Splunk Enterprise.

Required Experience/Qualifications

  • A minimum of 5 years of experience in performing software development, and 3 years of specialized experience performing security code reviews.
  • At least 2 years’ experience utilizing HPe Fortify Software Security Center or other static and dynamic code scanning tools to perform security assessments.
  • A Bachelor’s degree in Computer Science, Information Management or Engineering, or other comparable degree or comparable experience.
  • Demonstrated proficiency at scanning code, analyzing results, and communicating findings and possible resolutions to development teams and diverse stakeholders (auditors, managers, etc.).
  • Have one or more of the following active certifications: EC-Council Certified Secure Programmer, Certified Secure Software Lifecycle Professional (CSSLP), SANS Global Information Assurance Certification (GIAC) Secure Software Programmer (.NET or JAVA), HP ATP – Fortify Security V1, or another comparable certification, or other experience which demonstrates an understanding of the concepts covered by these certifications.
  • Knowledge of DevSecOps and development pipeline integration and automation.
  • Proficient in analyzing and testing web applications developed in a minimum of two (2) of the following languages: Java, JavaScript, Ruby, C#.

