Code Reviewer, Software Assurance - Junior

Client Suitability Required

About Aretum

Aretum is a mission-driven organization committed to delivering innovative, technology-enabled solutions to our customers across defense, civilian, and homeland security sectors. Our teams work at the intersection of strategy, technology, and transformation, helping agencies solve their most critical challenges. We believe in investing in our people and creating a culture where collaboration, inclusion, and professional growth are at the forefront.

Job Summary

Aretumis seeking a highly skilled and experienced Code Reviewer, Software Assurance to perform code scan reviews and to analyze custom-developed software for security and quality flaws. The ideal candidate will bring a strong software development background, hands-on experience with code scanning tools (Fortify and CodeQL), and proven experience in working and managing large backlogs of code reviews and guiding secure development practices. This role plays a critical part in maintaining high standards of software security, compliance, and documentation across the development lifecycle. You will work closely with cross-functional customer teams including developers, program managers, security engineers, project managers, and stakeholders.

Due to the nature of our work as a federal consulting organization, employees may be expected to handle Controlled Unclassified Information (CUI) and must adhere to applicable safeguarding and compliance requirements.

Responsibilities

• Conduct detailed manual and automated code reviews to identify security, quality, and compliance issues across custom-developed applications.
• Interface with customers on an as needed basis to provide support, enable customer initiatives, and aid in inquiries.
• Perform peer reviews of Software Assurance Team members on secure code practices.
• Maintain and improve internal procedures and knowledgebases for secure code analysis.
• Utilize industry-standard tools (e.g., Fortify SCA, CodeQL, SonarQube) to perform static code analysis and interpret results.
• Prioritize large backlog of code review requests, ensuring timely and accurate assessments.
• Provide guidance to developers and security analysts on secure coding standards and remediation best practices.
• Collaborate with cross-functional teams including software engineers, program managers, and security teams to ensure alignment with security and quality objectives.
• Maintain detailed documentation of findings, associate risks, and mitigation strategies for customer-facing reports.
• Perform threat modeling and risk analysis to contextualize vulnerabilities and recommend mitigation steps.
• Stay current with emerging technologies, vulnerabilities, and industry standards (e.g., OWASP, NIST, ISO).
• Attend and actively participate in meetings.
• Continuously improve code review processes and tool effectiveness through metrics and feedback loops.

Requirements

• Bachelor’s degree in Computer Science, Software Engineering, Cybersecurity, or related field.
• 5+ years of professional software development experience with strong proficiency in at least two major programming languages (e.g., Java, C#, Python, JavaScript).
• 2+ years of hands-on code review and static analysis experience using tools such as Fortify SCA, CodeQL, or equivalent.
• Proven expertise in secure coding practices and application security frameworks, including OWASP Top 10, CWE/SANS, and threat modeling.
• Strong knowledge of SDLC, DevSecOps practices, and CI/CD integration for automated security testing.
• Background in cybersecurity and risk management, with the ability to evaluate business impact and risk prioritization.
• Experience managing high-volume code review workflows and balancing competing priorities.
• Excellent communication skills, with the ability to convey technical findings clearly to both technical and non-technical stakeholders.
• Strong analytical and problem-solving skills, with attention to detail and commitment to high-quality work.

Preferred Qualifications

• Masters in Computer Science, Software Engineering, Cybersecurity, or related field.

Travel Requirements

This is a remote position; however, occasional travel may be required based on project needs, client meetings, team collaboration events, or training sessions. Travel is expected to be less than 10% and will be communicated in advance whenever possible. 

EEO Statement

Aretum is committed to fostering a workplace rooted in excellence, integrity, and equal opportunity for all. We adhere to merit-based hiring practices, ensuring that all employment decisions are made based on qualifications, skills, and ability to perform the job, without preference or consideration of factors unrelated to job performance.

As an Equal Opportunity Employer, Aretum complies with all applicable federal, state, and local employment laws.

We are proud to support our nation’s veterans and military families, providing career opportunities that honor their service and experience.

Equal Opportunity Employer/Veterans/Disabled

U.S. Work Authorization

Due to federal contract requirements, only U.S. citizens are eligible for this position. This position supports a federal government contract and requires the ability to obtain and maintain a Public Trust or Suitability Determination, depending on the agency’s background investigation requirements.