Job description

W2 Role- Sr. Security Engineer (hybrid onsite) 12 Months contract Proper LinkedIn All open to Locations: Charlotte, NC Chandler, AZ Dallas, TX Minneapolis, MN. Key skills: Deep understanding of AppSec, majority of their career, DevSecOps, site reliability engineering, IaC, policy as code, all functionalities, SAST, SBOMs, DAST, IAST, threat modeling, cloud sec, etc. experience, worked in a very modern dev shop applying DevOps experience Any experience with AI sec, copilot, AI supported dev, someone on the cutting edge of AppSec experience in a modern dev shop Experience with multiple cloud providers DevSecOps Checkmarx, Prisma, BlackDuck, DevOps like Ansible, Kubernetes, docker, AI, GenAI and how to secure it, background in tech, some experience in Python, PowerShell, basic SQL, PostGre SQL Dynamic Analysis Security Testing (DAST) experience Static Analysis Security Testing (SAST) experience (Checkmarx, Fortify, Semgrep, manual code review, etc.) Recent Java or C# & .NET CORE development experience including the development of RESTful APIs AWS cert solutions arch, Kubernetes admin, cloud sec professional, cloud security architect professional, etc. Driving force in thought leadership On a transformation journey to help write code more securely, implementing policy as code, optimizing shift left, how to optimize CI/CD controls, very hands-on, 25% driving thought leadership and strategy, hand-on keyboard prototyping and developing solutions Required qualifications: 7+ years of Application Security Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education. Incumbent had around 15 years of AppSec experience so if we re targeting like-for-like, I d suggest we shoot for a comparable level of experience. Desired qualifications: 10+ years of experience in identifying security issues and risks, and developing mitigation plans 7+ years Development experience in more than one language (preferred Java or C# & .NET CORE development experience including the development of RESTful APIs) 5+ years of automated / manual code review secure code review, security peer review, static analysis Deep hands-on technical expertise in at least two of the following areas: network security, embedded/hardware security, cryptography, web and network protocols, data structures and algorithms, software development, threat modeling, pen tests, or vulnerability assessments Experience with GCP and Azure Experience with artificial intelligence, with a focus on machine learning and GenAI Certifications: CISSP, CSSLP, CASP+, CASE, GSEC Screening Questions: 1. Can you explain the difference between SAST, DAST, and IAST, and when/how did you use each? 2. Have you ever implemented policy as code for IaC? What tool did you use and what policies did you enforce? 3. Walk me through a time when you secured a CI/CD pipeline. What steps and tools were involved? 4. How have you used AI tools in AppSec, and how did you secure their usage? 5. Have you ever worked with Checkmarx or a similar tool? How did you triage or fix the findings? Nikesh Mishra Lead Recruiter Email: Nikesh@stellentit.com Address: 505 Knolle Court Saint Augustine, FL 32092 Telephone: +1 407-512-1546

Requirements