The Code Reviewer will be part of a multi-functional team. Responsibilities include, but are not limited to:
Review, analyze, and assist in prioritization of findings; develop actionable reports for business unit and IT project teams responsible for mitigating vulnerabilities.
Develop and document a repeatable process for reviewing, analyzing, and assisting in prioritization of findings and for developing actionable reports.
Support the IRS in execution of network/operating system and database vulnerability scans.
Operate and maintain the Enterprise Static Application Security Testing (SAST) software (currently AppScan Source).
Assist business unit and IT project teams in understanding scan output.
Assist in enabling application project development teams to understand how to leverage scanning tools during the development process to help them meet NIST 800-53 SA-11 security requirements in rapid development and DevOps environments.
Build and document repeatable processes for integration of the scanning tools into the rapid development process.
Certifications: One or more of the following: CISSP, EC-Council Certified Secure Programmer, Certified Secure Software Lifecycle Professional (CSSLP), SANS Global Information Assurance Certification (GIAC) Secure Software Programmer (.NET or JAVA), HP ATP – Fortify Security V1, or another comparable certification and/or experience.
Education: Bachelor’s degree in related technical field
Clearance Level: Must be able to pass Public Trust Clearance
Technical and Management Resources, Inc. is an Equal Opportunity Employer and does not discriminate with regard to race, color, religion, sex, age, national origin, disability, or Vietnam veteran status. This policy affirms TMR’s commitment to the principles of fair employment and the elimination of discriminatory practices. We encourage all employees to take advantage of opportunities for promotion as they occur.