Security Architect

Role: Senior DevSecOps Engineer

Location: hybrid in Greensboro, NC.

Duration: 1.5 -4-year Contract

Interview: Video

Must haves:
- Strong development background (MOST important)

Must be able to code and speak at a developer level

Preferred: Java, Python

• Application security experience

OWASP Top 10-level understanding expected

Ability to explain vulnerabilities deeply (not just tool usage)

Job Description:
Role Overview

Our organization is seeking two DevSecOps Engineers for the Technology Risk Office s Application Security team. This role is responsible for conducting security assessments across all applications, including web, mobile, and APIs. The position functions as a consultative partner to developers, focusing on explaining security issues, guiding remediation, and integrating security tools within the CI/CD pipeline. This is a contract-to-hire opportunity.

Key Responsibilities

• Review vulnerabilities identified by security tools and work directly with development teams to explain issues and guide remediation efforts.
• Engage in hands-on development and scripting to create and maintain tool integrations within the security ecosystem.
• Support end-to-end application security services, including intake, assessment scoping, and application team engagement.
• Conduct SAST, SCA, DAST, API security, and mobile security assessment activities, including onboarding, validation, reporting, and remediation guidance.
• Assist in reducing the application security backlog and improve vulnerability management by working with application teams on findings and closure.
• Enable stronger security throughout the software development lifecycle through automated, developer-friendly security tools and processes.

Required Qualifications

Education: Bachelor s degree in Computer Science, Information Security, Cybersecurity, Information Technology, Engineering, or equivalent related experience.

Experience: A strong development background is the most critical requirement. We are seeking candidates with a developer's mindset and coding ability. Experience levels are flexible, with roles available for candidates with 3+ years and 6+ years of relevant experience in application security, DevSecOps, or software development.

Technical Skills:

• Demonstrated ability to code and communicate at a developer level, preferably with experience in Java or Python.
• Experience with Application Security, secure SDLC, and DevSecOps principles within CI/CD pipelines.
• Knowledge of security testing (SAST, SCA/OSCA, DAST), API security, and vulnerability validation.
• Familiarity with tools such as GitHub, Jira, and Jenkins.
• Understanding of cloud security concepts and REST/SOAP APIs.
• Strong communication skills to explain vulnerabilities, risk, and remediation clearly to developers and stakeholders.

Preferred Qualifications

• A Bachelor s or Master s degree in Computer Science, Cybersecurity, Information Security, or a related field.
• Experience with tools such as Checkmarx, Sonatype Nexus IQ, Black Duck, or Noname API Security.
• Knowledge of Docker, Kubernetes, AWS, or Azure.
• Relevant certifications such as CISSP, CSSLP, GIAC, Security+, AWS Security, or Azure Security