DevSecOps/AppSec Consultant / Contract / Hybrid / Greensboro, NC

Our client, a leader in healthcare, is seeking a contract DevSecOps Engineer, AppSec Specialist. This is a 100% remote role with candidates required to be in Guilford County/Greensboro, NC.

This is a contractor request to address an immediate AppSec capacity need due to resource gaps. The role is critical to sustaining AppSec operations, reducing backlog, supporting enterprise application security assessments, and managing cyber risk across company applications. U.S. based ClickStaff path is needed to restore capacity sooner.

This position supports the Application Security program by enabling stronger security throughout the software development lifecycle through automated, developer friendly security tools and processes integrated into application delivery workflows. Responsibilities include secure CI/CD design and implementation, application security tool integration, security automation, cloud based DevSecOps processes, vulnerability scanning integration, documentation, developer self service enablement, security tooling improvement, and guidance to cybersecurity and development teams. The role will also support AppSec assessment activities across web, mobile, API, and cloud enabled applications, including SAST, OSCA, DAST, API security, and mobile security testing. The resource will help validate vulnerabilities, reduce false positives, provide remediation guidance, support defect tracking, and work directly with development teams to drive timely remediation. This role requires experience with application security best practices, enterprise security solutions, AWS or Azure, scripting or coding, software design and architecture, Agile delivery, CI/CD, DevSecOps tools, vulnerability assessment practices, and strong communication skills to explain technical findings clearly to developers and stakeholders.

Contract duration: - 12 months (with FTE conversion potential)

Required skills:

• 3 to 6 years of related application security, DevSecOps, software development, security testing, or vulnerability management experience.
• Specific Systems Knowledge Required: Application Security, DevSecOps, CI/CD pipelines, secure SDLC, SAST, SCA/OSCA, DAST, API security, vulnerability validation, remediation guidance, GitHub, Jira, Jenkins, cloud security concepts, REST/SOAP APIs, and scripting or development experience such as Java, Python, Ruby, Go, or Node.js.

• Strong hands-on application security and secure coding knowledge.
• DevSecOps, CI/CD, and security tool integration experience.
• Strong communication skills with the ability to explain vulnerabilities, risk, and remediation clearly to developers and stakeholders.

• Specific Systems Knowledge Preferred: Checkmarx One, Sonatype Nexus IQ, WhiteHat or Black Duck DAST, Noname API Security, NowSecure, Atlas, Salesforce intake workflows, Jira defect management, Docker, Kubernetes, AWS, Azure, and enterprise DevSecOps pipeline integration.
• Preferred certifications include CISSP, CSSLP, GIAC, Security Plus, AWS Security, Azure Security, or other relevant application security or cloud security certifications.
• Preferred Level of Education: Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Security, or related field.

• Support end to end AppSec services, including intake, assessment scoping, and application team engagement.
• Support SAST, SCA, DAST, API security, and mobile security assessment activities, including onboarding, validation, reporting, and remediation guidance.
• Help reduce AppSec backlog and improve vulnerability management by working with application teams on findings, remediation, and closure.