Overview
On Site
$100,000 - $120,000
Full Time
Skills
Application security
vulnerabilities
Veracode
SAST
Job Details
Role Purpose:
The engineer operationalizes Veracode Static Application Security Testing (SAST) across development teams, coordinates scans, validates false-positives, and guides developers to remediate vulnerabilities and meet policy SLAs.
Key Responsibilities:
- Onboard projects and development teams onto the Veracode SAST platform.
- Configure application profiles, policies, and automated scans.
- Review scan results, triage findings, and verify false-positive rejections.
- Partner with developers to remediate vulnerabilities and re-run scans.
- Maintain dashboards and compliance reports for AppSec governance.
- Collaborate with the Tenable platform team to ensure findings integrate into enterprise vulnerability reporting.
- Provide secure-coding guidance and developer enablement sessions.
Skills & Experience
- 4 8 years in Application Security or Secure Software Development.
- Hands-on with Veracode SAST (onboarding, policy scan setup, IDE integration).
- Strong knowledge of OWASP Top 10 and secure-coding principles.
- Ability to validate false positives using code review and regex-based rules.
- Exposure to Java, .NET, Python, or JavaScript applications.
- Experience with CI/CD tools (Jenkins, Azure DevOps, GitHub Actions).
- Excellent communication and cross-team collaboration skills.
Preferred Certifications : Veracode Certified Engineer (SAST) / Security+ / OWASP member.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.