Product Security Code Review Engineer Jobs in Washington

Application Security Engineer

Washington, DC · On-site

$66.50 - $89/hr

... code and design reviews of all internal and external software products. Work with application developers to ensure adoption of security principles and best practices. 6. Provides direction and support ...

Product Security Engineer

Washington, DC · On-site

$175K - $210K/yr

As a Product Security Engineer you will play a key role in shaping how security works across our ... Review code and infrastructure to find and fix security risks. Help teams use secure patterns that ...

... reviews. The nice to haves: * 8+ years in security engineering, detection engineering, or product ... Hands-on experience with threat detection logic, MITRE ATT&CK mapping, and detection-as-code ...

Product Security Code Review Engineer information

What are the key skills and qualifications needed to thrive as a Product Security Code Review Engineer, and why are they important?

To thrive as a Product Security Code Review Engineer, you need a deep understanding of secure coding practices, software development lifecycles, and vulnerability assessment, typically backed by a degree in computer science or a related field. Familiarity with static and dynamic analysis tools, code review platforms, and certifications like CISSP or OSCP is highly valuable. Strong analytical thinking, attention to detail, and effective communication are crucial soft skills for explaining security findings and collaborating with development teams. These skills and qualities are vital to identify, communicate, and mitigate security risks in code, ensuring the overall resilience of software products.

What are some typical challenges faced by Product Security Code Review Engineers when coordinating with development teams?

Product Security Code Review Engineers often encounter challenges in balancing security priorities with project timelines and developer workflows. Effective communication is essential, as engineers must clearly explain vulnerabilities and remediation steps to developers who may have varying levels of security expertise. Additionally, they need to ensure that security recommendations are practical and align with the product's architecture, all while fostering a collaborative environment rather than creating bottlenecks. Building strong relationships with development teams and understanding their processes helps streamline secure code adoption and continuous improvement.

What is the difference between a Product Security Code Review Engineer and a Software Security Engineer?

| Aspect | Product Security Code Review Engineer | Software Security Engineer |
| --- | --- | --- |
| Primary Focus | Reviewing and analyzing source code for security vulnerabilities in products | Designing and implementing security measures across software systems |
| Skills & Certifications | Secure coding, code review, security standards (e.g., OWASP), certifications like CSSLP | Security architecture, threat modeling, secure coding, certifications like CISSP |
| Work Environment | Collaborates with development teams during product development | Works on system-wide security strategies and architecture |
| Industry Usage | Common in product-based companies, especially in tech and cybersecurity | Found in organizations focusing on overall security infrastructure |

While both roles focus on security, the Product Security Code Review Engineer primarily reviews source code for vulnerabilities in specific products, whereas the Software Security Engineer develops and implements security strategies across software systems. The roles often overlap but differ in scope and focus.

What is a Product Security Code Review Engineer?

A Product Security Code Review Engineer is a cybersecurity professional responsible for analyzing and reviewing application source code to identify and mitigate security vulnerabilities. They work closely with development teams to ensure secure coding practices, review code for compliance with security standards, and recommend fixes for potential security issues. Their goal is to prevent security breaches by catching vulnerabilities early in the software development lifecycle.
Infographic showing various Product Security Code Review Engineer job openings in Washington as of June 2026, with employment types broken down into 92% Full Time, 5% Part Time, 1% Temporary, and 2% Contract. Highlights an 82% Physical, 5% Hybrid, and 13% Remote job distribution.
Senior Security Code Reviewer

Ashburn Consulting

Camp Springs, MD

$120K - $164K/yr

Other

Posted 11 days ago


Job description

Ashburn is seeking a Senior Security Code Reviewer to support a federal cybersecurity 
architecture opportunity. This Key Personnel role will lead application security testing, 
secure code review, DevSecOps pipeline integration, secure development guidance, risk 
assessments, and cloud/network security evaluation for a proposal opportunity. 


Primary Responsibilities 
• Conduct security code reviews and risk assessments for applications and 
enterprise systems. 
• Use application security testing tools to identify vulnerabilities and provide 
remediation guidance. 
• Integrate security testing into DevSecOps and CI/CD pipelines. 
• Review application architecture, source code, dependencies, infrastructure-as-code,
and deployment practices.
• Support secure coding standards, developer security training, and technical 
remediation guidance. 
• Evaluate and improve cloud, network, and enterprise system security. 
• Provide technical writing, reporting, and mentoring to engineering and development 
teams. 
• Support federal cybersecurity compliance objectives and secure development 
lifecycle requirements. 


Qualifications 
Required Qualifications 
• Candidates must be willing and able to work as Ashburn W-2 employees. 1099 and 
corp-to-corp arrangements are not permitted for these roles. 
• DHS EOD / suitability is required. 
• 10+ years of experience automating application security scanning processes, Zero 
Trust integration, and data sanitization for Government or similarly complex 
enterprise systems. 
• Experience deploying and using Application Security Testing platforms such as 
Checkmarx. 
• Experience automating or supporting Zero Trust Network Access (ZTNA) and Secure 
Web Gateway (SWG) solutions. 
• Advanced security engineering experience across on-premises and cloud 
environments. 
• Experience implementing AWS security best practices, including VPC Flow Logs, 
Security Lake, and audit monitoring. 
• Experience building EKS clusters using Terraform and Kubernetes. 
• Experience creating custom hardened AMI builds. 
• Experience integrating network security tools such as Palo Alto, AlgoSec, Gigamon, 
and Corelight. 
• Experience reviewing, evaluating, and improving security of complex systems and 
networks. 
• Experience with vulnerability management, SIEM integrations, certificate 
management, single sign-on implementations, and federal regulatory compliance. 
• Demonstrated ability to lead security code reviews and conduct risk assessments. 
• Experience developing OS hardening strategies, evaluating firewall policies, and 
implementing enterprise infrastructure monitoring solutions. 
• Strong technical writing, training, and mentoring skills. 
• Ability to mentor development teams in secure coding practices and align technical 
solutions to Government cybersecurity objectives. 


Preferred / Strongly Desired Qualifications 
• Experience with Burp Suite, Checkmarx One, PortSwigger, SonarQube, Fortify, SAST, 
DAST, SCA, API security testing, or IaC scanning. 
• Experience integrating application security testing into CI/CD pipelines. 
• Experience with secure coding practices in Java, Python, JavaScript, C#, Ruby, SQL, 
React, Node.js, PowerShell, Go, or similar languages. 
• Experience applying OWASP, NIST, DHS, DevSecOps, and secure software lifecycle 
practices. 
• Secure software certification preferred, such as CSSLP, GIAC secure software 
credential, EC-Council secure programmer certification, or comparable experience. 
• Prior DHS, DOD / DOW or federal application security experience.