Application Security Engineer Veracode SAST - Fulltime role

Job TypeFulltime

Skills RequiredJava .NET Python +4

LocationCharlotte, North Carolina

SalaryNo salary information was found.

Date Posted October 24, 2025

Hallmark Global Technologies

Hallmark Global Technologies is seeking an Application Security Engineer specializing in Veracode SAST to enhance application security across development teams. This full-time role focuses on code-level vulnerability detection and developer remediation in Charlotte, NC.

Job description

Application Security Engineer Veracode SAST FTE only Location Charlotte, Raileigh, Birmingham, Memphis (5 days in office) Role Layer Tool / Platform Role Focus Summary Application Security Engineer Veracode SAST Application Security Layer Veracode SAST Code-level vulnerability detection and developer remediation. This is an Application Security Enablement role - not a Pen Test or DevSecOps position. Focus on static analysis and developer remediation enablement (not Pen Testing or DevSecOps automation). Together, these roles enable an end-to-end vulnerability-management ecosystem - from secure code analysis to enterprise-level reporting and governance. Below is the JD. • Application Security Engineer Veracode SAST Role Purpose: The engineer operationalizes Veracode Static Application Security Testing (SAST) across development teams, coordinates scans, validates false-positives, and guides developers to remediate vulnerabilities and meet policy SLAs. Key Responsibilities: Onboard projects and development teams onto the Veracode SAST platform. Configure application profiles, policies, and automated scans. Review scan results, triage findings, and verify false-positive rejections. Partner with developers to remediate vulnerabilities and re-run scans. Maintain dashboards and compliance reports for AppSec governance. Collaborate with the Tenable platform team to ensure findings integrate into enterprise vulnerability reporting. Provide secure-coding guidance and developer enablement sessions. Skills & Experience 4 8 years in Application Security or Secure Software Development. Hands-on with Veracode SAST (onboarding, policy scan setup, IDE integration). Strong knowledge of OWASP Top 10 and secure-coding principles. Ability to validate false positives using code review and regex-based rules. Exposure to Java, .NET, Python, or JavaScript applications. Experience with CI/CD tools (Jenkins, Azure DevOps, GitHub Actions). Excellent communication and cross-team collaboration skills. Preferred Certifications : Veracode Certified Engineer (SAST) / Security+ / OWASP member. Additional Skill Requirements: • Strong understanding of application security principles, OWASP Top 10, and SDLC best practices. • Experience in resolving vulnerabilities using at least one programming language such as Java or .NET. • Prior development experience using at least one technology stack (Java, .NET, or equivalent). • Ability to analyze and provide secure coding recommendations based on real application scenarios.

Requirements

• This is an Application Security Enablement role - not a Pen Test or DevSecOps position

• 4 8 years in Application Security or Secure Software Development

• Hands-on with Veracode SAST (onboarding, policy scan setup, IDE integration)

• Strong knowledge of OWASP Top 10 and secure-coding principles

• Ability to validate false positives using code review and regex-based rules

• Exposure to Java, .NET, Python, or JavaScript applications

• Experience with CI/CD tools (Jenkins, Azure DevOps, GitHub Actions)

• Excellent communication and cross-team collaboration skills

• Strong understanding of application security principles, OWASP Top 10, and SDLC best practices

• Experience in resolving vulnerabilities using at least one programming language such as Java or .NET

• Prior development experience using at least one technology stack (Java, .NET, or equivalent)

• Ability to analyze and provide secure coding recommendations based on real application scenarios

Similar Jobs

Corebridgefinancial

Oct 18, 2025

Application Security Manager

Durham, North Carolina

Full-time job

Corebridge Financial is seeking an Application Security Manager to lead their DevSecOps function, focusing on embedding security throughout the software development lifecycle. This strategic role requires expertise in application security, team management, and AI integration.

View Details

PythonJavaJavaScript

Corebridge Financial

Oct 18, 2025

Application Security Manager

Houston, Texas

Full-time job

Corebridge Financial is seeking an Application Security Manager to lead their DevSecOps function, focusing on integrating security throughout the software development lifecycle. The role requires both strategic and technical expertise in application security and AI-driven tools.

View Details

PythonJavaJavaScript

Corebridgefinancial

Oct 18, 2025

Application Security Manager

Jersey City, New Jersey

Full-time job

Corebridge Financial is seeking an Application Security Manager to lead their DevSecOps function, focusing on integrating security throughout the software development lifecycle. The role requires a blend of strategic leadership and technical expertise in application security and AI-driven tools.

View Details

PythonJavaJavaScript

Hallmark Global Technologies

Oct 24, 2025