DevSecOps Engineer (Application Security Specialist)
Department: Technology Risk (TRI)
Team: Enterprise Application Security
Location: Greensboro, NC (Remote to start; Hybrid – 3 days onsite if converted full-time)
Overview
We are seeking a DevSecOps Engineer / Application Security Specialist to join our Enterprise Application Security team. This group is responsible for securing internally developed and vendor-based web and mobile applications across the organization.
This role is a mix of hands-on development and application security—partnering closely with engineering teams to identify vulnerabilities, review code, and drive secure remediation practices.
Key Responsibilities
- Perform security assessments of web and mobile applications
- Review source code and identify vulnerabilities
- Partner directly with developers to remediate security issues
- Analyze and prioritize findings from security tools
- Provide guidance on secure coding best practices
- Support API, runtime application, and mobile security initiatives
- Contribute to development efforts (~30–40% hands-on coding)
Required Qualifications
- 3+ years of experience in application security and/or software development
- Strong programming skills in Java, Python (preferred), or similar languages
- Hands-on experience with:
- Secure coding practices
- Application security (AppSec)
- API security, mobile security, or runtime security
- Proven ability to communicate and collaborate with developers on vulnerability remediation
Preferred Qualifications
- Experience with security tools such as:
- Checkmarx
- SonarQube
- Nexus IQ
- Black Duck
- Noname Security
- Experience working within DevSecOps environments
Experience Levels
- Senior role: 6+ years of experience (primary opening)
- Mid-level role: 3+ years of experience (second opening)
Additional Details
- Interview process:
- 1.5-hour panel interview (4 interviewers)
- Focus on coding and application security concepts