Attain Partners

Application Security Engineer

Attain Partners, NC, United States


Attain Partners is searching for a full-time Application Security Engineer for an awesome client of ours (a woman-owned govcon small business)! This position is fully remote, with a preference for candidates who reside in the Raleigh, NC area.


If you have experience with static code analysis tools, modern CI/CD pipelines, and hands-on development (in order to recommend remediation strategies to developers), let's chat!


This position will support a federal client's AppSec program. It's a new and exciting role that will allow you to support the design and implementation effort before pivoting to operations and continuous advancement, with responsibility for designing, implementing, and operating the client's SAST "product." The successful candidate will have prior experience operating SAST tools, with preference given to Fortify SaaS.


Duties:

  • Design and implement the client’s AppSec program, including tool deployment and configuration. Integrate SAST tools into customer deployment pipelines.
  • Develop all relevant documentation, including diagrams and concept of operations (CONOPS).
  • Create compliance documentation and collaborate with the Product Manager (PM) to ensure system adherence.
  • Actively own and deliver assigned on-boarding applications through assessment, training, configuration and tuning phases.
  • Act as a technical liaison between the product team and consumers.
  • Present solutions to technical teams and client leadership.
  • Troubleshoot SAST tool-related issues and code vulnerabilities, recommending code solutions as needed.


Must Have Qualifications

  • Bachelor’s degree in Computer Science, Information Systems, Engineering, or another related scientific or technical field; or, in lieu of a degree, at least 8 years of IT experience.
  • AppSec & DevSecOps: 3+ years as a senior engineer supporting AppSec (SAST, SCA) and/or DevSecOps efforts for developers/engineers.
  • Programming Expertise: 5+ years of fluency in one or more high-level programming languages (e.g., Python, Java, JavaScript) within an enterprise environment. Experience with source code management tools (e.g., GitHub, Bitbucket).
  • Code Scanning & SDLC Integration: 2+ years supporting code scanning within the SDLC and modern CI/CD pipelines (e.g., GitHub Actions, Jenkins).
  • SAST and SCA Expertise: 2+ years of demonstrable experience in configuring SAST and SCA tools (e.g., Fortify, Snyk, Veracode) and leveraging AppSec concepts and principles.
  • SDLC & Vulnerability Mitigation: 5+ years of hands-on experience in SDLC software development, troubleshooting vulnerabilities, and implementing remediation practices. Ability to recommend remediation strategies to developers.
  • Enterprise Cloud Experience: 5+ years of experience working in enterprise cloud environments (e.g., AWS, Azure, Google Cloud) IaaS, PaaS and SaaS.
  • AWS Experience: 2+ years of experience deploying or accessing AWS services, with demonstrable experience with AWS API automation.
  • CI/CD Experience: 2+ years of advanced-level CI/CD experience, including building and maintaining pipelines, automating AppSec tools, and integrating reporting mechanisms.
  • Issue Management & Triage: 5+ years of experience triaging and supporting developer requests for vulnerability investigation using tools like JIRA, GitHub, or ServiceNow.
  • Training: 2+ years of experience training users on AppSec tools usage and DevSecOps best practices.
  • Agile Methodologies: Experience with SCRUM and/or SAFe (Scaled Agile Framework) methodologies in a development or operational environment.
  • Proven success in managing and excelling in ambiguous environments, demonstrating the resilience and grit to drive results despite uncertain or evolving conditions. Must be a self-starter who can drive initiatives independently, establish structure, and provide clarity in dynamic or less-defined settings without requiring close supervision.


Preferred Qualifications

  • AWS Certifications.
  • Software Provenance & Supply Chain Security: 2+ years of experience with software provenance, following Supply-chain Levels for Software Artifacts (SLSA), and working with code signing practices.
  • Experience using quality gates to ensure software meets release thresholds.