UniqueHire is a digital transformation IT consulting & services company established in 2014 by recruitment leaders in industry who comes with rich experience in Corporate and consulting. We provide cutting edge IT consulting and Professional Services to varied clients.
Security Engineer – SAST & SCA (Application Security)


UniqueHire Consulting LLC
Dice Job Match Score™
🔗 Matching skills to job...
Job Details
Skills
- JIRA
- GitLab
- GitHub
- JavaScript
- SAST/SCA
Summary
Job Title: Security Engineer – SAST & SCA (Application Security)
Location: San Jose, CA (5 days Onsite)
Role summary
We are looking for a Security Engineer specializing in SAST and SCA to strengthen our Application Security (AppSec) program. This role will focus on identifying, prioritizing, and driving remediation of code-level and open-source vulnerabilities across the software development lifecycle (SDLC). The ideal candidate has a strong understanding of secure coding practices, vulnerability management, and developer workflows, with the ability to scale security testing through automation and process integration.
Key Responsibilities
SAST (Static Application Security Testing)
• Operate and manage SAST tools (e.g., Checkmarx, Fortify, Veracode, CodeQL)
• Analyze scan results to:
- Identify true positives vs false positives
- Prioritize based on exploitability and business impact
• Partner with development teams to:
- Remediate vulnerabilities
- Improve secure coding practices
• Tune rules and policies to reduce noise and increase scan accuracy
SCA (Software Composition Analysis)
• Manage and optimize SCA tools (e.g., Sonatype, Snyk, Black Duck, WhiteSource/Mend, Dependabot)
• Identify and track:
- Vulnerabilities in third-party and open-source components
- License and compliance risks
• Drive:
- Dependency upgrades and patching strategies
- Risk-based prioritization for remediation
• Maintain visibility into software bill of materials (SBOM)
SDLC Integration & Automation
• Integrate SAST/SCA into:
- CI/CD pipelines (GitHub, GitLab, Azure DevOps, Jenkins)
- Developer workflows (PR checks, pre-commit hooks)
• Automate:
- Scan execution and reporting
- Ticket creation and tracking (Jira or similar)
• Ensure shift-left security adoption across engineering teams
Vulnerability Management & Reporting
• Track vulnerability lifecycle:
- Identification → Triage → Remediation → Closure
• Provide:
- Metrics and dashboards (e.g., SLA compliance, risk trends)
- Executive-ready summaries for leadership
• Support:
- Audit and compliance requirements (ISO, SOC2, etc.)
Developer Enablement
• Act as a trusted advisor to engineering teams
• Provide:
- Remediation guidance and secure coding recommendations
- Documentation, FAQs, and best practices
• Conduct:
- Developer training and awareness sessions
Required Qualifications
Experience
• 3–6+ years in Application Security, DevSecOps, or Secure Development
• Hands-on experience with:
o SAST and/or SCA tools in enterprise environments
• Experience working closely with development teams and CI/CD pipelines
Technical Skills
• Strong knowledge of:
- OWASP Top 10
- Secure coding practices (Java, Python, C/C++, JavaScript, etc.)
• Experience with SAST tools such as:
- Checkmarx, Fortify, Veracode, CodeQL
• Experience with SCA tools such as:
- Snyk, Black Duck, Mend, Dependabot
DevSecOps & Automation
• Familiarity with:
- CI/CD tools (GitHub Actions, Jenkins, GitLab CI, Azure DevOps)
• Experience with:
- Scripting (Python, Bash, PowerShell)
• Ability to:
- Automate workflows and integrate security into pipelines
Vulnerability Management
• Understanding of:
- CVSS scoring and risk prioritization
- Vulnerability tracking and remediation processes
• Experience with:
- Jira or similar ticketing systems
Preferred Qualifications
• Certifications:
CSSLP, GWAPT, OSCP (optional but valuable)
• Experience with:
- SBOM frameworks (CycloneDX, SPDX)
- Container security and dependency scanning
- Cloud-native application security
• Familiarity with:
- Secrets scanning, IaC scanning tools (e.g., Terraform security)
Key Competencies
- Strong analytical skills and attention to detail
- Ability to separate signal from noise in scan results
- E ective communication with both technical and non-technical stakeholders
- Focus on scalable, developer-friendly security solutions
- Dice Id: 91172939
- Position Id: 9020657
- Posted 2 days ago
Company Info
About UniqueHire Consulting LLC
We are committed to build organizations with professional talents who can help our clients to compete in the global market. We provide solutions for the human resource needs of our clients through long-term client relationships built on experience, insight and teamwork. We have a multifaceted team of consultants who are highly experienced and specialize in the vertical they serve.


Similar Jobs
It looks like there aren't any Similar Jobs for this job yet.
Search all similar jobs