Nesco Resource
DevSecOps Engineer / Application Security Specialist
Base pay range: $60.00/hr - $75.00/hr
Overview
We are seeking a proactive DevSecOps Engineer / Application Security Specialist to join our team. In this role, you will ensure the security of applications throughout the Software Development Life Cycle (SDLC). You will work closely with development teams to implement secure coding practices, conduct security assessments, and remediate vulnerabilities. Your focus will be on integrating security into development processes and collaborating with cross‑functional teams to make security a core part of the workflow.
Responsibilities
Conduct comprehensive security assessments of applications, including SAST, SCA, DAST, penetration testing, and vulnerability assessments.
Collaborate with development teams to perform threat modeling and prioritize potential risks in applications.
Provide training and guidance to developers on secure coding practices and the effective use of security tools.
Assist in investigating and remediating security incidents related to application vulnerabilities.
Contribute to the development and maintenance of application security policies, standards, and procedures.
Evaluate, implement, and manage CI/CD security tools (e.g., Jenkins, Azure DevOps) and security testing tools (e.g., Checkmarx, Qualys, JFrog Xray, Twistlock).
Work closely with cross‑functional teams to integrate security into the CI/CD pipeline and development processes.
Apply container security best practices for Kubernetes, OpenShift, and related environments, monitoring for suspicious behavior and implementing runtime protection.
Maintain up‑to‑date documentation of security assessments, findings, and remediation activities.
Apply OWASP methodologies to secure web applications, APIs, mobile environments, CI/CD processes, and large language models (LLMs).
Ensure compliance with industry security standards, frameworks, and controls.
Required Skills & Expertise
Expertise in SAST, SCA, DAST, penetration testing, and vulnerability assessments.
Strong understanding of secure coding practices, with experience training developers.
Knowledge of threat modeling, security architecture reviews, and vulnerability assessments.
Experience investigating and remediating security incidents.
Hands‑on experience with CI/CD security tools (Jenkins, Azure DevOps) and security testing tools (Checkmarx, Qualys, JFrog Xray, Twistlock).
Familiarity with cloud architectures (AWS, Azure).
Experience securing container environments (Kubernetes, OpenShift) including images, registries, networks, and runtimes.
Deep understanding of OWASP Top 10, PCI DSS, ISO 27001, NIST, and other relevant security standards.
Strong analytical, problem‑solving, and communication skills. Fluency in English; French is a plus.
Qualifications
Bachelor’s degree in Computer Science, Information Security, or a related field (or equivalent experience).
Minimum 5 years of hands‑on experience in IT security roles, preferably in a financial services or enterprise environment.
Experience with programming languages and secure coding practices.
Familiarity with CI/CD practices, automation tools, and container security technologies.
Benefits
Nesco Resource offers a comprehensive benefits package for our associates, which includes a MEC (Minimum Essential Coverage) plan that encompasses Medical, Vision, Dental, 401K, and EAP (Employee Assistance Program) services.
EEO Statement
Nesco Resource provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.