SAST Implementation SME

RESPONSIBILITIES:
Kforce has a client in Tampa, FL that is seeking a SAST Implementation SME who will focus on integrating and optimizing Static Application Security Testing (SAST) tools and processes across the organization. This leadership role will guide the implementation, and operationalization, ensuring alignment with secure coding standards and organizational objectives. The SME will influence process improvements, tool migration strategies, and the development of training and best practices.

Key Responsibilities:
* Serve as the delegate for the Project Lead, supporting program execution and stakeholder engagement
* Lead the selection, proof-of-concept (PoC), configuration, and implementation of SAST tools (e.g., Checkmarx, Veracode, SonarQube, Fortify) within development environments and CI/CD pipelines
* Define and optimize policies, standards, and workflows for SAST integration and vulnerability management
* Collaborate with engineering, security, and product teams to embed SAST into the Software Development Lifecycle (SDLC) and DevSecOps pipelines
* Guide the development of secure coding training and awareness programs
* Monitor industry trends to recommend enhancements to SAST tool implementation and utilization methodologies
* Establish metrics and reporting frameworks to measure program effectiveness and progress
* Support troubleshooting and escalation management for SAST-related issues in collaboration with technical teams and vendors

REQUIREMENTS:
* High School diploma/GED required
* SAST Expertise: Deep understanding of SAST tools and their deployment, configuration, and optimization
* Secure Coding Practices: Strong knowledge of vulnerability prevention techniques and standards (e.g., OWASP Top 10, CWE/SANS Top 25)
* Tooling Knowledge: Familiarity with Checkmarx, Veracode, SonarQube, Fortify, and related technologies
* DevSecOps Integration: Experience embedding SAST into CI/CD pipelines and automating security checks
* SCA Expertise: Deep understanding of SCA principles, tools, and best practices for managing open-source and third-party components
* Software Supply Chain Security: Strong knowledge of vulnerability prevention, license compliance, and SBOM management
* Tooling Knowledge: Familiarity with Endor Labs, Mend/WhiteSource, Black Duck, Snyk, and related technologies
* DevSecOps Integration: Experience embedding SCA into CI/CD pipelines and automating security checks
* Program Leadership: Ability to guide large-scale security initiatives, manage tool migrations, and optimize processes
* Strategic Communication: Skilled in influencing stakeholders and articulating program goals and improvements
* Risk Assessment: Experience assessing vulnerabilities and license risks in third-party components

The pay range is the lowest to highest compensation we reasonably in good faith believe we would pay at posting for this role. We may ultimately pay more or less than this range. Employee pay is based on factors like relevant education, qualifications, certifications, experience, skills, seniority, location, performance, union contract and business needs. This range may be modified in the future.

We offer comprehensive benefits including medical/dental/vision insurance, HSA, FSA, 401(k), and life, disability & ADD insurance to eligible employees. Salaried personnel receive paid time off. Hourly employees are not eligible for paid time off unless required by law. Hourly employees on a Service Contract Act project are eligible for paid sick leave.

Note: Pay is not considered compensation until it is earned, vested and determinable. The amount and availability of any compensation remains in Kforce's sole discretion unless and until paid and may be modified in its discretion consistent with the law.

This job is not eligible for bonuses, incentives or commissions.

Kforce is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.

By clicking ?Apply Today? you agree to receive calls, AI-generated calls, text messages or emails from Kforce and its affiliates, and service providers. Note that if you choose to communicate with Kforce via text messaging the frequency may vary, and message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You will always have the right to cease communicating via text by using key words such as STOP.