Senior Security Code ReviewerFull-timeEmployees hybrid mode

Company Description

Ashburn Consulting, LLC, based in the Washington, DC metropolitan area, specializes in providing network and network security solutions in complex environments to a select set of government and business clients. The company, an established leader in its field, is composed of an elite team of engineers and business consultants, each of whom is recognized, and highly regarded, within the network and security communities.

Ashburn is seeking a Senior Security Code Reviewer to support a federal cybersecurity architecture opportunity. This Key Personnel role will lead application security testing, secure code review, Dev Sec Ops  pipeline integration, secure development guidance, risk assessments, and cloud/network security evaluation for a proposal opportunity.

• Conduct security code reviews and risk assessments for applications and enterprise systems.
• Use application security testing tools to identify vulnerabilities and provide remediation guidance.
• Integrate security testing into Dev Sec Ops  and CI/CD pipelines.
• Review application architecture, source code, dependencies, infrastructure-as-code, and deployment practices.
• Support secure coding standards, developer security training, and technical remediation guidance.
• Evaluate and improve cloud, network, and enterprise system security.
• Provide technical writing, reporting, and mentoring to engineering and development teams.
• Support federal cybersecurity compliance objectives and secure development lifecycle requirements.

• Candidates must be U.S. citizens.
• Candidates must be willing and able to work as Ashburn W-2 employees. 1099 and corp-to-corp arrangements are not permitted for these roles.
• DHS EOD / suitability is required.
• 10+ years of experience automating application security scanning processes, Zero Trust integration, and data sanitization for Government or similarly complex enterprise systems.
• Experience deploying and using Application Security Testing platforms such as Checkmarx.
• Experience automating or supporting Zero Trust Network Access (ZTNA) and Secure Web Gateway (SWG) solutions.
• Advanced security engineering experience across on-premises and cloud environments.
• Experience implementing AWS security best practices, including VPC Flow Logs, Security Lake, and audit monitoring.
• Experience building EKS clusters using Terraform and Kubernetes.
• Experience creating custom hardened AMI builds.
• Experience integrating network security tools such as Palo Alto, Algo Sec, Gigamon, and Corelight.
• Experience reviewing, evaluating, and improving security of complex systems and networks.
• Experience with vulnerability management, SIEM integrations, certificate management, single sign-on implementations, and federal regulatory compliance.
• Demonstrated ability to lead security code reviews and conduct risk assessments.
• Experience developing OS hardening strategies, evaluating firewall policies, and implementing enterprise infrastructure monitoring solutions.
• Strong technical writing, training, and mentoring skills.
• Ability to mentor development teams in secure coding practices and align technical solutions to Government cybersecurity objectives.

• Experience with Burp Suite, Checkmarx One, Port Swigger, Sonar Qube, Fortify, SAST, DAST, SCA, API security testing, or IaC scanning.
• Experience integrating application security testing into CI/CD pipelines.
• Experience with secure coding practices in Java, Python, JavaScript, C#, Ruby, SQL, React, Node.js, Power Shell, Go, or similar languages.
• Experience applying OWASP, NIST, DHS, Dev Sec Ops , and secure software lifecycle practices.
• Secure software certification preferred, such as CSSLP, GIAC secure software credential, EC-Council secure programmer certification, or comparable experience.
• Prior DHS, DOD / DOW or federal application security experience.

Work is equally performed in the field as well as in a normal office environment. Lifting (up to 50lbs) may be required. Ladder climbing may be required. Driving is required. All duties performed with or without reasonable accommodations.

Equal Opportunity Employer/Veterans/Disabled. An Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status.

Ashburn Consulting is an Equal Opportunity and affirmative Action Employer. In compliance with the ADAAA, if you have a disability and would like to request accommodation to apply for a position with Ashburn Consulting, please e-mail