Senior DevSecOps Engineer Location: Greensboro, North Carolina (Hybrid)
Duration: Long Term
MOI: Video
Must-Haves
- Strong development background (MOST important)
- Must be able to code and speak at a developer level
- Preferred: Java, Python
- Application Security experience
- OWASP Top 10-level understanding expected
- Ability to explain vulnerabilities deeply (not just tool usage)
Job Description Role Overview Our organization is seeking two DevSecOps Engineers for the Technology Risk Office's Application Security team. This role is responsible for conducting security assessments across all applications, including web, mobile, and APIs. The position functions as a consultative partner to developers, focusing on explaining security issues, guiding remediation, and integrating security tools within the CI/CD pipeline. This is a contract-to-hire opportunity.
Key Responsibilities - Review vulnerabilities identified by security tools and work directly with development teams to explain issues and guide remediation efforts.
- Engage in hands-on development and scripting to create and maintain tool integrations within the security ecosystem.
- Support end-to-end application security services, including intake, assessment scoping, and application team engagement.
- Conduct SAST, SCA, DAST, API security, and mobile security assessment activities, including onboarding, validation, reporting, and remediation guidance.
- Assist in reducing the application security backlog and improve vulnerability management by working with application teams on findings and closure.
- Enable stronger security throughout the software development lifecycle through automated, developer-friendly security tools and processes.
Required Qualifications Education Bachelor's degree in Computer Science, Information Security, Cybersecurity, Information Technology, Engineering, or equivalent related experience.
Experience A strong development background is the most critical requirement. We are seeking candidates with a developer's mindset and coding ability. Experience levels are flexible, with roles available for candidates with 3+ years and 6+ years of relevant experience in application security, DevSecOps, or software development.
Technical Skills - Demonstrated ability to code and communicate at a developer level, preferably with experience in Java or Python.
- Experience with Application Security, secure SDLC, and DevSecOps principles within CI/CD pipelines.
- Knowledge of security testing (SAST, SCA/OSCA, DAST), API security, and vulnerability validation.
- Familiarity with tools such as GitHub, Jira, and Jenkins.
- Understanding of cloud security concepts and REST/SOAP APIs.
- Strong communication skills to explain vulnerabilities, risk, and remediation clearly to developers and stakeholders.
Preferred Qualifications - A Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Security, or a related field.
- Experience with tools such as Checkmarx, Sonatype Nexus IQ, Black Duck, or Noname API Security.
- Knowledge of Docker, Kubernetes, AWS, or Azure.
- Relevant certifications such as CISSP, CSSLP, GIAC, Security+, AWS Security, or Azure Security.
Never miss an opportunity! Create an alert based on the job you applied for.
