Product Security Code Review Engineer Jobs in Colorado

Collaborate cross-functionally with firmware, hardware, and product teams to ensure security ... Familiarity with AI-assisted developer tools for coding, testing, and code review (with human ...

Senior Product Security Engineer

Denver, CO

$117K - $161K/yr

Perform security architecture reviews for complex CI/CD, cloud, and Kubernetes environments ... Experience implementing GitOps workflows and securing infrastructure-as-code (Terraform ...

Product Security Code Review Engineer information

What are the key skills and qualifications needed to thrive as a Product Security Code Review Engineer, and why are they important?

To thrive as a Product Security Code Review Engineer, you need a deep understanding of secure coding practices, software development lifecycles, and vulnerability assessment, typically backed by a degree in computer science or a related field. Familiarity with static and dynamic analysis tools, code review platforms, and certifications like CISSP or OSCP is highly valuable. Strong analytical thinking, attention to detail, and effective communication are crucial soft skills for explaining security findings and collaborating with development teams. These skills and qualities are vital to identify, communicate, and mitigate security risks in code, ensuring the overall resilience of software products.

What are some typical challenges faced by Product Security Code Review Engineers when coordinating with development teams?

Product Security Code Review Engineers often encounter challenges in balancing security priorities with project timelines and developer workflows. Effective communication is essential, as engineers must clearly explain vulnerabilities and remediation steps to developers who may have varying levels of security expertise. Additionally, they need to ensure that security recommendations are practical and align with the product's architecture, all while fostering a collaborative environment rather than creating bottlenecks. Building strong relationships with development teams and understanding their processes helps streamline secure code adoption and continuous improvement.

What is the difference between a Product Security Code Review Engineer and a Software Security Engineer?

Aspect | Product Security Code Review Engineer | Software Security Engineer
Primary Focus | Reviewing and analyzing source code for security vulnerabilities in products | Designing and implementing security measures across software systems
Skills & Certifications | Secure coding, code review, security standards (e.g., OWASP), certifications like CSSLP | Security architecture, threat modeling, secure coding, certifications like CISSP
Work Environment | Collaborates with development teams during product development | Works on system-wide security strategies and architecture
Industry Usage | Common in product-based companies, especially in tech and cybersecurity | Found in organizations focusing on overall security infrastructure

While both roles focus on security, the Product Security Code Review Engineer primarily reviews source code for vulnerabilities in specific products, whereas the Software Security Engineer develops and implements security strategies across software systems. The roles often overlap but differ in scope and focus.

What is a Product Security Code Review Engineer?

A Product Security Code Review Engineer is a cybersecurity professional responsible for analyzing and reviewing application source code to identify and mitigate security vulnerabilities. They work closely with development teams to ensure secure coding practices, review code for compliance with security standards, and recommend fixes for potential security issues. Their goal is to prevent security breaches by catching vulnerabilities early in the software development lifecycle.

Information System Security Officer

Kratos Defense and Security Solutions

Colorado Springs, CO • On-site

Full-time

Posted 23 days ago

Company rating: 7.4 out of 10

Based on 7 frontline employees who took The Breakroom Quiz


Job description

Job Summary:
Kratos Defense and Security Solutions is a trusted partner in national security technology and systems. They are seeking an Information System Security Officer (ISSO) to support Information Assurance development and sustainment, ensuring compliance with security policies and maintaining operational security posture throughout the system lifecycle.
Responsibilities:
• Perform security assessments such as vulnerability and compliance assessments, threat analysis, security code reviews, and risk assessments to identify potential design and implementation vulnerabilities.
• Participate in regular security self-inspections and audits.
• Assist with the selection and implementation of security controls and features for systems and applications.
• Identify new security features and recommend updates to existing products to ensure security is maintained throughout the product lifecycle.
• Perform security assessments on new and proposed products and technologies to ensure secure integration into the approved baseline.
• Provide product security engineering support and recommendations used to resolve integration and testing issues.
• Create and refine standard RMF Body-of-Evidence artifacts.
• Maintain a standardized set of security product requirements and produce metrics to report performance against those requirements.
• Review and define security diagnostics and tools to facilitate the analysis and reporting of security events.
• Assist other teams with mitigating security risks, responding to product security incidents, and product security related issues.
• Participate in security architecture and design review meetings.
• Manage system access and revocation requests. Track and verify DoD certification requirements in accordance with DoD 8140 guidance.
Qualifications:
Required:
• Solid knowledge of the DISA/DoD Risk Management Framework.
• CompTIA Security+ CE, CASP+, or equivalent cybersecurity certification.
• Experience with security controls, RMF, and STIGs.
• Familiarity with modern IT infrastructure capabilities to include virtualization, cloud deployment, and containerization.
• Self-motivated and comfortable with supporting multiple groups of developers, engineers, test, and deployment.
• Able to clearly communicate technical concepts orally and in written forms to internal and external audiences with technical and non-technical backgrounds.
• Capable of working in a fast-paced team environment.
• Excellent organizational and communication skills and able to effectively interact with managers and technical staff.
• Strong familiarity with cloud technologies and compliance requirements for cloud.
• Top Secret clearance with SCI eligibility required. Candidates with Special Access Program (SAP) experience are highly valued.
Preferred:
• 2 years as an ISSO or equivalent duties.
• Familiarity with eMASS, XACTA, or similar government systems of record.
• Familiarity with Zero Trust Architecture (ZTA) requirements.
• Experience with Windows and RHEL environments.
• Experience with AWS.
• Experience with security tools in the following areas: malicious code prevention and analysis (i.e., Trellix), audit log analysis (Splunk, Graylog, etc.), patch management and vulnerability analysis (Tenable Security Suite & ACAS), and security tools which support the implementation of DISA STIGs (SCC, Evaluate STIG, STIG Viewer, etc.).
Company:
Kratos Defense & Security Solutions provides mission critical engineering, IT services, and war fighter solutions. Founded in 1994, the company is headquartered in San Diego, USA, with a team of 1001-5000 employees. The company is currently Late Stage.