Application Security Engineer Veracode SAST - Fulltime role

Overview

On Site
Full Time

Skills

Java
Python
.NET
CI/CD
Application Security or Secure Software Development
Veracode SAST
Preferred Certifications: Veracode Certified Engineer (SAST) / Security+ / OWASP member

Job Details

Application Security Engineer Veracode SAST

FTE only

Location: Charlotte, Raleigh, Birmingham, Memphis (5 days in office)

Role: Application Security Engineer Veracode SAST

Layer: Application Security Layer

Tool / Platform: Veracode SAST

Role Focus: Code-level vulnerability detection and developer remediation. This is an Application Security Enablement role - not a Pen Test or DevSecOps position.

Summary: Focus on static analysis and developer remediation enablement (not Pen Testing or DevSecOps automation).

Together, these roles enable an end-to-end vulnerability-management ecosystem - from secure code analysis to enterprise-level reporting and governance.

Below is the JD.

  1. Application Security Engineer Veracode SAST

Role Purpose: The engineer operationalizes Veracode Static Application Security Testing (SAST) across development teams, coordinates scans, validates false-positives, and guides developers to remediate vulnerabilities and meet policy SLAs.

Key Responsibilities:

Onboard projects and development teams onto the Veracode SAST platform.

Configure application profiles, policies, and automated scans.

Review scan results, triage findings, and verify false-positive rejections.

Partner with developers to remediate vulnerabilities and re-run scans.

Maintain dashboards and compliance reports for AppSec governance.

Collaborate with the Tenable platform team to ensure findings integrate into enterprise vulnerability reporting.

Provide secure-coding guidance and developer enablement sessions.

Skills & Experience

4-8 years in Application Security or Secure Software Development.

Hands-on with Veracode SAST (onboarding, policy scan setup, IDE integration).

Strong knowledge of OWASP Top 10 and secure-coding principles.

Ability to validate false positives using code review and regex-based rules.

Exposure to Java, .NET, Python, or JavaScript applications.

Experience with CI/CD tools (Jenkins, Azure DevOps, GitHub Actions).

Excellent communication and cross-team collaboration skills.

Preferred Certifications: Veracode Certified Engineer (SAST) / Security+ / OWASP member.

Additional Skill Requirements:

  • Strong understanding of application security principles, OWASP Top 10, and SDLC best practices.
  • Experience in resolving vulnerabilities using at least one programming language such as Java or .NET.
  • Prior development experience using at least one technology stack (Java, .NET, or equivalent).
  • Ability to analyze and provide secure coding recommendations based on real application scenarios.