We are seeking a hands-on DevSecOps Engineer with a strong software development background to implement and configure application security scans using Fortify within an Azure DevOps CI/CD environment. The ideal candidate will bridge development and security, understand modern pipelines, and translate technical implementations into clear documentation. This is a short-term engagement focused on a specific project.
Key Highlights
Technical Skills Required
Benefits & Perks
Job Description
DevSecOps / Application Security Engineer (Fortify & Azure DevOps)
Contract | 2โ3 Months | 40 Hours/Week | Fully Remote
Overview
We are seeking a hands-on Application Security / DevSecOps Engineer with a strong software development background to support a short-term engagement focused on implementing and configuring application security scans using the Fortify scanning platform within an Azure DevOps CI/CD environment.
This role is ideal for someone who can bridge development and security, understands how modern pipelines work, and can translate technical implementations into clear, reusable documentation.
Responsibilities
Application Security & Scan Implementation
- Design, configure, and implement Fortify static (SAST) scans within Azure DevOps pipelines
- Integrate Fortify scanning into existing CI/CD workflows (build, test, deploy stages)
- Configure scan parameters, rulesets, thresholds, and policies aligned to best practices
- Optimize scans for performance, accuracy, and minimal pipeline disruption
- Troubleshoot scan failures, false positives, and pipeline integration issues
- Support initial scan execution and validation across multiple codebases
DevSecOps & Engineering Collaboration
- Work closely with software engineers to:
- Align scanning with development workflows
- Ensure scans are developer-friendly and actionable
- Provide guidance on secure coding practices and vulnerability remediation
- Help define "shift-leftโ security patterns within Azure DevOps
Documentation & Knowledge Transfer
- Create clear, well-structured best-practice documentation, including:
- Fortify scan setup and configuration guides
- Azure DevOps pipeline integration instructions
- Standard operating procedures (SOPs) for running and maintaining scans
- Guidance for developers on interpreting scan results
- Produce documentation suitable for:
- Engineering teams
- Security teams
- Future onboarding and sustainment
Required Qualifications
Technical Skills
- Strong background in software development (Java, C#, JavaScript, Python, or similar)
- Hands-on experience with Fortify application security scanning (SAST required)
- Proven experience configuring Azure DevOps pipelines
- YAML pipelines preferred
- Build and release pipeline familiarity
- Understanding of CI/CD, DevSecOps, and secure SDLC practices
- Experience working with:
- Static code analysis tools
- Vulnerability findings and remediation workflows
Documentation & Communication
- Demonstrated ability to write clear, concise technical documentation
- Comfortable explaining security concepts to developers
- Strong written and verbal communication skills
Preferred / Nice-to-Have Qualifications
- Experience with:
- Fortify Software Security Center (SSC)
- Policy enforcement and security gates
- DAST or SCA tools
- Familiarity with:
- OWASP Top 10
- NIST or secure coding standards
- Experience in enterprise or regulated environments (government, healthcare, finance)
Engagement Details
- Duration: 2โ3 months
- Schedule: ~40 hours per week
- Location: Fully remote (U.S. based preferred)
- Engagement Type: Contract / Project-based
- Start: ASAP
Ideal Candidate Profile (Summary)
โ Software engineer who understands CI/CD
โ Hands-on with Fortify scanning tools
โ Comfortable working independently on a defined project
โ Able to implement solutions and document them clearly
โ Pragmatic, security-minded, and developer-friendly
Similar Jobs
Explore other opportunities that match your interests
apptad
decryption digest
