
Product Security Code Review Engineer Jobs in Washington

Application Security Engineer

Washington, DC · On-site

$66.50 - $89/hr

... code and design reviews of all internal and external software products. Work with application developers to ensure adoption of security principles and best practices. 6. Provides direction and support ...

Product Security Engineer

Washington, DC · On-site

$175K - $210K/yr

As a Product Security Engineer you will play a key role in shaping how security works across our ... Review code and infrastructure to find and fix security risks. Help teams use secure patterns that ...


Product Security Code Review Engineer information

What are the key skills and qualifications needed to thrive as a Product Security Code Review Engineer, and why are they important?

To thrive as a Product Security Code Review Engineer, you need a deep understanding of secure coding practices, software development lifecycles, and vulnerability assessment, typically backed by a degree in computer science or a related field. Familiarity with static and dynamic analysis tools, code review platforms, and certifications like CISSP or OSCP is highly valuable. Strong analytical thinking, attention to detail, and effective communication are crucial soft skills for explaining security findings and collaborating with development teams. These skills and qualities are vital to identify, communicate, and mitigate security risks in code, ensuring the overall resilience of software products.

What are some typical challenges faced by Product Security Code Review Engineers when coordinating with development teams?

Product Security Code Review Engineers often encounter challenges in balancing security priorities with project timelines and developer workflows. Effective communication is essential, as engineers must clearly explain vulnerabilities and remediation steps to developers who may have varying levels of security expertise. Additionally, they need to ensure that security recommendations are practical and align with the product's architecture, all while fostering a collaborative environment rather than creating bottlenecks. Building strong relationships with development teams and understanding their processes helps streamline secure code adoption and continuous improvement.

What is the difference between a Product Security Code Review Engineer and a Software Security Engineer?

| Aspect | Product Security Code Review Engineer | Software Security Engineer |
| --- | --- | --- |
| Primary Focus | Reviewing and analyzing source code for security vulnerabilities in products | Designing and implementing security measures across software systems |
| Skills & Certifications | Secure coding, code review, security standards (e.g., OWASP), certifications like CSSLP | Security architecture, threat modeling, secure coding, certifications like CISSP |
| Work Environment | Collaborates with development teams during product development | Works on system-wide security strategies and architecture |
| Industry Usage | Common in product-based companies, especially in tech and cybersecurity | Found in organizations focusing on overall security infrastructure |

While both roles focus on security, the Product Security Code Review Engineer primarily reviews source code for vulnerabilities in specific products, whereas the Software Security Engineer develops and implements security strategies across software systems. The roles often overlap but differ in scope and focus.

What is a Product Security Code Review Engineer?

A Product Security Code Review Engineer is a cybersecurity professional responsible for analyzing and reviewing application source code to identify and mitigate security vulnerabilities. They work closely with development teams to ensure secure coding practices, review code for compliance with security standards, and recommend fixes for potential security issues. Their goal is to prevent security breaches by catching vulnerabilities early in the software development lifecycle.
What job categories do people searching Product Security Code Review Engineer jobs in Washington look for?

The top searched job categories for Product Security Code Review Engineer jobs in Washington are:

AI Code Review Engineer

AI Code Review Engineer

Gridiron IT Solutions LLC

Reston, VA • Remote

$85K - $120K/yr

Contractor

Medical, Dental, Vision

Posted 7 days ago
Job description

AI Code Review Engineer (AI/ML + Secure Code Analysis)

Location: Remote

Overview

We are seeking an AI Code Review Engineer to evaluate, audit, and improve AI-generated and human-written code across modern software environments. This role sits at the intersection of software engineering, AI/ML, and secure development, ensuring code quality, performance, and compliance with best practices.

- You will work closely with developers, DevSecOps teams, and AI platforms to analyze outputs from tools such as GitHub Copilot, ChatGPT, and other LLM-based coding systems, ensuring safe, efficient, and production-ready code.

Key Responsibilities

- Review and validate AI-generated code for correctness, efficiency, and maintainability
- Perform manual and automated code reviews across multiple languages (Python, Java, JavaScript, etc.)
- Identify and remediate security vulnerabilities (OWASP Top 10, SAST/DAST findings)
- Evaluate AI outputs for:
  - Logic errors
  - Hallucinated dependencies or APIs
  - Inefficient or non-scalable patterns
- Partner with engineering teams to establish AI coding standards and governance frameworks
- Develop and maintain code review guidelines specific to AI-assisted development
- Implement or integrate tools for:
  - Static code analysis (SonarQube, Checkmarx, etc.)
  - AI code validation and linting
- Provide feedback loops to improve AI model outputs and prompt engineering strategies
- Support DevSecOps pipelines by embedding automated code quality and security checks

Required Qualifications

- 5+ years of experience in software engineering or code review roles
- Strong proficiency in at least one major language: Python, Java, JavaScript/TypeScript, or C++
- Experience with code review processes (GitHub, GitLab, Bitbucket)
- Knowledge of secure coding practices and application security principles
- Familiarity with AI/ML tools used in development (e.g., GitHub Copilot, OpenAI APIs, LLMs)
- Experience with static/dynamic code analysis tools
- Understanding of software design patterns and scalable architectures

Preferred Qualifications

- Experience reviewing or validating AI-generated code outputs
- Background in machine learning or prompt engineering
- Knowledge of DevSecOps pipelines and CI/CD tools (Jenkins, Azure DevOps, GitHub Actions)
- Experience with cloud environments (AWS, Azure, GCP)
- Familiarity with policy/governance frameworks for AI usage
- Experience in regulated or secure environments (DoD, FedGov, finance, healthcare)

Compensation and Benefits

Salary Range: $85,000 - $120,000 (Compensation is determined by various factors, including but not limited to location, work experience, skills, education, certifications, seniority, and business needs. This range may be modified in the future.)

Benefits: Gridiron offers a comprehensive benefits package including medical, dental, vision insurance, HSA, FSA, 401(k), disability & ADD insurance, life and pet insurance to eligible employees. Full-time and part-time employees working at least 30 hours per week on a regular basis are eligible to participate in Gridiron’s benefits programs.

Gridiron IT Solutions is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status or disability status.

Gridiron IT is a Women Owned Small Business (WOSB) headquartered in the Washington, D.C. area that supports our clients' missions throughout the United States. Gridiron IT specializes in providing comprehensive IT services tailored to meet the needs of federal agencies. Our capabilities include IT Infrastructure & Cloud Services, Cyber Security, Software Integration & Development, Data Solution & AI, and Enterprise Applications. These capabilities are backed by Gridiron IT's experienced workforce and our commitment to ensuring we meet and exceed our clients' expectations.