Security Engineer – SAST & SCA (Application Security)

California City, CA, US • Posted 2 days ago • Updated 2 days ago
Contract W2
12 Months
No Travel Required
On-site
Depends on Experience
Company Branding Image
Fitment

Dice Job Match Score™

🔗 Matching skills to job...

Job Details

Skills

  • JIRA
  • GitLab
  • GitHub
  • JavaScript
  • SAST/SCA

Summary

Job Title: Security Engineer – SAST & SCA (Application Security)

Location: San Jose, CA (5 days Onsite)

 

Role summary

We are looking for a Security Engineer specializing in SAST and SCA to strengthen our Application Security (AppSec) program. This role will focus on identifying, prioritizing, and driving remediation of code-level and open-source vulnerabilities across the software development lifecycle (SDLC). The ideal candidate has a strong understanding of secure coding practices, vulnerability management, and developer workflows, with the ability to scale security testing through automation and process integration.

Key Responsibilities

SAST (Static Application Security Testing)

• Operate and manage SAST tools (e.g., Checkmarx, Fortify, Veracode, CodeQL)

 

• Analyze scan results to: 

  • Identify true positives vs false positives
  • Prioritize based on exploitability and business impact

 

 Partner with development teams to: 

  • Remediate vulnerabilities
  • Improve secure coding practices

 

• Tune rules and policies to reduce noise and increase scan accuracy

SCA (Software Composition Analysis)

• Manage and optimize SCA tools (e.g., Sonatype, Snyk, Black Duck, WhiteSource/Mend, Dependabot)

 

• Identify and track: 

  • Vulnerabilities in third-party and open-source components
  • License and compliance risks

 

 Drive: 

  • Dependency upgrades and patching strategies
  • Risk-based prioritization for remediation

 

• Maintain visibility into software bill of materials (SBOM)

 

SDLC Integration & Automation

 Integrate SAST/SCA into: 

  • CI/CD pipelines (GitHub, GitLab, Azure DevOps, Jenkins)
  • Developer workflows (PR checks, pre-commit hooks)

 

• Automate: 

  • Scan execution and reporting
  • Ticket creation and tracking (Jira or similar)

 

• Ensure shift-left security adoption across engineering teams

 

Vulnerability Management & Reporting

• Track vulnerability lifecycle: 

  • Identification → Triage → Remediation → Closure

 

 Provide

  • Metrics and dashboards (e.g., SLA compliance, risk trends)
  • Executive-ready summaries for leadership

 

• Support: 

  • Audit and compliance requirements (ISO, SOC2, etc.)

 

Developer Enablement

• Act as a trusted advisor to engineering teams

 

• Provide: 

  • Remediation guidance and secure coding recommendations
  • Documentation, FAQs, and best practices

 

 Conduct: 

  • Developer training and awareness sessions

 

Required Qualifications

Experience

• 3–6+ years in Application Security, DevSecOps, or Secure Development

• Hands-on experience with: 

o SAST and/or SCA tools in enterprise environments

• Experience working closely with development teams and CI/CD pipelines

 

Technical Skills

 Strong knowledge of: 

  • OWASP Top 10
  • Secure coding practices (Java, Python, C/C++, JavaScript, etc.)

 

 Experience with SAST tools such as: 

  • Checkmarx, Fortify, Veracode, CodeQL

 

 Experience with SCA tools such as: 

  • Snyk, Black Duck, Mend, Dependabot

 

DevSecOps & Automation

• Familiarity with: 

  • CI/CD tools (GitHub Actions, Jenkins, GitLab CI, Azure DevOps)

 

 Experience with: 

  • Scripting (Python, Bash, PowerShell)

 

 Ability to: 

  • Automate workflows and integrate security into pipelines

 

Vulnerability Management

• Understanding of: 

  • CVSS scoring and risk prioritization
  • Vulnerability tracking and remediation processes

 

• Experience with: 

  • Jira or similar ticketing systems

 

Preferred Qualifications

• Certifications: 

CSSLP, GWAPT, OSCP (optional but valuable)

 

• Experience with: 

  • SBOM frameworks (CycloneDX, SPDX)
  • Container security and dependency scanning
  • Cloud-native application security

 

• Familiarity with: 

  • Secrets scanning, IaC scanning tools (e.g., Terraform security)

 

Key Competencies

  • Strong analytical skills and attention to detail
  • Ability to separate signal from noise in scan results
  • E ective communication with both technical and non-technical stakeholders
  • Focus on scalable, developer-friendly security solutions
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
  • Dice Id: 91172939
  • Position Id: 9020657
  • Posted 2 days ago

Company Info

About UniqueHire Consulting LLC

UniqueHire is a digital transformation IT consulting & services company established in 2014 by recruitment leaders in industry who comes with rich experience in Corporate and consulting. We provide cutting edge IT consulting and Professional Services to varied clients.

We are committed to build organizations with professional talents who can help our clients to compete in the global market. We provide solutions for the human resource needs of our clients through long-term client relationships built on experience, insight and teamwork. We have a multifaceted team of consultants who are highly experienced and specialize in the vertical they serve.

About_Company_OneAbout_Company_Two
Contact the job poster
VK

Vasanth Kumar

Recruiter @ UniqueHire Consulting LLC
Create job alert
Set job alertNever miss an opportunity! Create an alert based on the job you applied for.

Similar Jobs

It looks like there aren't any Similar Jobs for this job yet.

Search all similar jobs