Senior Devsecops

Location: hybrid in Greensboro, NC.




Hiring Manager prefers Local candidates or at least on the eastern seaboard if they will relocate




Must haves:
- Strong development background (MOST important)
Must be able to code and speak at a developer level
Preferred: Java, Python

• Application security experience

OWASP Top 10-level understanding expected
Ability to explain vulnerabilities deeply (not just tool usage)

Job Description:
Role Overview
Our organization is seeking two DevSecOps Engineers for the Technology Risk Office's Application Security team. This role is responsible for conducting security assessments across all applications, including web, mobile, and APIs. The position functions as a consultative partner to developers, focusing on explaining security issues, guiding remediation, and integrating security tools within the CI/CD pipeline. This is a contract-to-hire opportunity.

Key Responsibilities

• Review vulnerabilities identified by security tools and work directly with development teams to explain issues and guide remediation efforts.
• Engage in hands-on development and scripting to create and maintain tool integrations within the security ecosystem.
• Support end-to-end application security services, including intake, assessment scoping, and application team engagement.
• Conduct SAST, SCA, DAST, API security, and mobile security assessment activities, including onboarding, validation, reporting, and remediation guidance.
• Assist in reducing the application security backlog and improve vulnerability management by working with application teams on findings and closure.
• Enable stronger security throughout the software development lifecycle through automated, developer-friendly security tools and processes.

Required Qualifications
Education: Bachelor's degree in Computer Science, Information Security, Cybersecurity, Information Technology, Engineering, or equivalent related experience.

Experience: A strong development background is the most critical requirement. We are seeking candidates with a developer's mindset and coding ability. Experience levels are flexible, with roles available for candidates with 3+ years and 6+ years of relevant experience in application security, DevSecOps, or software development.

Technical Skills:

• Demonstrated ability to code and communicate at a developer level, preferably with experience in Java or Python.
• Experience with Application Security, secure SDLC, and DevSecOps principles within CI/CD pipelines.
• Knowledge of security testing (SAST, SCA/OSCA, DAST), API security, and vulnerability validation.
• Familiarity with tools such as GitHub, Jira, and Jenkins.
• Understanding of cloud security concepts and REST/SOAP APIs.
• Strong communication skills to explain vulnerabilities, risk, and remediation clearly to developers and stakeholders.

Preferred Qualifications

• A Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Security, or a related field.
• Experience with tools such as Checkmarx, Sonatype Nexus IQ, Black Duck, or Noname API Security.
• Knowledge of Docker, Kubernetes, AWS, or Azure.
• Relevant certifications such as CISSP, CSSLP, GIAC, Security+, AWS Security, or Azure Security