Senior Application Security Engineer (DevSecOps | SAST/DAST/SCA | CI/CD Security)

Pyramid Consulting, Inc

Charlotte, NC

JOB DETAILS

Salary: $75–$80 Per Hour

Skills: Amazon Web Services (AWS), Analysis Skills, Application Programming Interface (API), Applications Security, Artificial Intelligence (AI), Atlassian JIRA, Automation, CISSP - Certified Information Systems Security Professional, Cloud Applications, Cloud Computing, Code Reviews, CompTIA Security+, Computer Security, Consulting, Continuous Deployment/Delivery, Continuous Integration, DevOps, Docker, Establish Priorities, GIAC - Global Information Assurance Certification, GitHub, Healthcare, Internet Security, Java, Jenkins, Machine Tool, Microsoft Windows Azure, Node.js, Onboarding, Process Improvement, Python Programming/Scripting Language, Risk Analysis, Ruby, Scripting (Scripting Languages), Secure Coding, Security Analysis, Security Monitoring, Short Messaging Service (SMS), Software Development, Software Development Lifecycle (SDLC), Software Engineering, Test Automation, Threat Modeling, Vulnerability Scanners

Location: Charlotte, NC

Posted: 19 days ago

Immediate need for a talented Senior Application Security Engineer (DevSecOps | SAST/DAST/SCA | CI/CD Security). This is a 6+ month contract opportunity with long-term potential and is located in Charlotte, NC (Hybrid). Please review the job description below and contact me ASAP if you are interested.

Job ID: 26-16289

Pay Range: $75 - $80/hour. Traveler benefits as per agency package. (Benefits vary by vendor and assignment.)

Key Responsibilities:

  • Perform application security assessments across web, mobile, API, and cloud applications.
  • Conduct and support SAST, DAST, SCA, and vulnerability scanning activities.
  • Validate security findings and help development teams prioritize remediation efforts.
  • Provide secure coding guidance and vulnerability remediation recommendations.
  • Support threat modeling and secure architecture review activities.
  • Integrate security testing and automation into CI/CD pipelines.
  • Partner with development teams to improve security throughout the SDLC.
  • Support AppSec tooling onboarding, optimization, reporting, and automation.
  • Assist with reducing security backlog and improving vulnerability management processes.
  • Track security findings through remediation and closure.

Key Requirements and Technology Experience: 

  • 5+ years of Application Security, Product Security, or DevSecOps experience.
  • Strong understanding of Secure SDLC principles.
  • Hands-on experience with application security testing methodologies.
  • Experience working directly with software development teams.
  • Strong understanding of OWASP Top 10 and secure coding practices.
  • Experience performing vulnerability validation and remediation guidance.
  • Application Security
      • Application Security Assessments
      • Secure SDLC
      • Threat Modeling
      • Secure Code Review
      • Vulnerability Management
      • Risk Assessment
  • Security Testing
      • SAST
      • DAST
      • SCA / Software Composition Analysis
      • API Security Testing
      • Web Application Security Testing
  • DevSecOps
      • CI/CD Security Integration
      • Security Automation
      • DevSecOps Tooling
      • Pipeline Security
  • Development / Scripting
      • Experience with one or more:
          • Python
          • Java
          • Go
          • Node.js
          • Ruby
  • Cloud & Platforms
      • AWS
      • Azure
      • Cloud Security Concepts
      • GitHub
      • Jenkins
      • Jira
  • Experience with one or more of:
  • Checkmarx
  • Fortify
  • Coverity
  • Black Duck
  • Sonatype Nexus IQ
  • Invicti / Netsparker
  • Burp Suite
  • Qualys WAS
  • Rapid7 InsightAppSec
  • Noname API Security
  • Terraform
  • Azure DevOps
  • Docker
  • Kubernetes
  • CISSP
  • CSSLP
  • Security+
  • GIAC Certifications
  • AWS Security Specialty
  • Azure Security Certifications

Our client is a leader in the healthcare industry, and we are currently interviewing to fill this and other similar contract positions. If you are interested in this position, please apply online for immediate consideration.

Pyramid Consulting, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

By applying to our jobs you agree to receive calls, AI-generated calls, text messages, or emails from Pyramid Consulting, Inc. and its affiliates, and contracted partners. Frequency varies for text messages. Message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You can reply STOP to cancel and HELP for help. You can access our privacy policy here.
