Information Security Engineer 4

Location: Charlotte, NC
Salary: $69.00 USD Hourly - $74.00 USD Hourly
Description: Application Security Engineer - Information Security Engineer 4

Hybrid Work Schedule in one of the following cities:

Charlotte, NC

Chandler, AZ

Dallas, TX

Minneapolis, MN

3 days onsite, 2 remote

2+ year contract with possibility for extensions/conversion to FTE
About the Job

As an Application Security Engineer, you will be part of a dynamic team focused on enhancing the security posture of our client's software development lifecycle. You will lead efforts in Software Composition Analysis (SCA), collaborate with cross-functional teams, and drive secure development practices across the enterprise. This role is ideal for someone passionate about automation, open-source security, and developer experience.
Responsibilities

• Manage and optimize security automation tools, with a primary focus on SCA (e.g., Checkmarx One, BlackDuck).
• Collaborate with internal teams (e.g., ServiceNow AVR, DevOps, vulnerability operations) to ensure accurate vulnerability tracking and remediation.
• Partner with security architects to design workflows and best practices that enhance developer experience.
• Deliver security training and outreach to internal development teams.
• Conduct adversarial security analysis and recommend tools and practices aligned with industry standards.
• Support audits (e.g., SOC 2, PCI-DSS) and contribute to policy development with governance and compliance teams.
• Work with CTO pipeline teams to improve code quality, open-source security, and SBOM generation.
• Enhance container security tools and platforms, including Kubernetes and OpenShift.
• Design and implement advanced security solutions for open-source software supply chain management.

Minimum Qualifications

• 5+ years of experience in Information Security Engineering or equivalent (e.g., military, education, training).
• 5+ years of experience in Application Security and DevSecOps, working closely with development teams.
• 3+ years of experience in one or more programming languages: .NET, C#, Java, Rust, C++.

Preferred Qualifications

• Proficiency in scripting languages such as Python and PowerShell.
• Experience with CI/CD tools and technologies (e.g., GitHub, Jenkins, Maven, Artifactory, Harness, Xray).
• Strong understanding of Secure Software Development Lifecycle (SSDLC).
• Deep knowledge of OWASP Top 10 and CWE.
• Experience documenting SCA procedures and tool configurations.
• Familiarity with AI tools for false positive reduction, auto-remediation, and open-source threat intelligence.
• Experience with Jira and Confluence.
• Strong analytical and problem-solving skills.
• Relevant certifications (e.g., CISSP, CISM, CEH).
• Experience with container security and SBOM generation using CycloneDX or SPDX.

By providing your phone number, you consent to: (1) receive automated text messages and calls from the Judge Group, Inc. and its affiliates (collectively "Judge") to such phone number regarding job opportunities, your job application, and for other related purposes. Message & data rates apply and message frequency may vary. Consistent with Judge's Privacy Policy, information obtained from your consent will not be shared with third parties for marketing/promotional purposes. Reply STOP to opt out of receiving telephone calls and text messages from Judge and HELP for help.

Contact:

This job and many more are available through The Judge Group. Please apply with us today!