Apex Systems, Inc.
SAST Security Engineer
Dallas, TX
Apr 5, 2025
Contract
Full Job Description

Job#: 2063704

Job Description:

Client: SWA

Location: REMOTE

Contract: Long term open ended. Can convert to FTE


Below are the key skills and experience I’d like to see for the AppSec contractor role:

- SAST/SCA Experience – General experience working with Static Application Security Testing (SAST) and Software Composition Analysis (SCA) tools.

- SAST/SCA (Veracode) Onboarding & ServiceNow Management – Ability to onboard applications into Veracode, configure scans, troubleshoot integration issues, and effectively manage Veracode-related RITMs within ServiceNow. This includes handling requests for adding/removing applications, teams, and API accounts, as well as reviewing mitigation submissions.

- GitLab CI/CD Security Operations – Strong understanding of GitLab CI/CD pipelines and how security scanning tools, including Veracode, are integrated. Ability to troubleshoot security scan issues, analyze pipeline failures, and determine when to escalate to the engineering team for resolution.

- Mitigation Assessment & Approval – Expertise in evaluating remediation plans and compensating controls to determine their effectiveness in addressing security risks. Ability to make informed approval or denial decisions based on industry best practices and organizational security policies.


  • What specific SAST and SCA tools should the candidate be familiar with?

    Veracode, GitLab Ultimate

  • How much experience should they have with these tools?

    The candidate should have a solid understanding of how these tools function and their purpose within the security framework. While deep expertise is not required, they should be comfortable navigating the tools and leveraging their capabilities effectively.

  • What will the candidate's responsibilities be when onboarding and managing applications in security tools?

    Upon receiving a RITM (Request Item), the candidate must extract relevant details from the ticket and properly configure the team/application in Veracode with accurate data. They should ensure all necessary information from the ticket is correctly applied or take appropriate action based on the request.

  • What troubleshooting skills are crucial for resolving integration issues with security tools?

    The candidate should be proficient in navigating GitLab pipeline jobs and gleaning useful information from the command-line interface logs. Additionally, they should be able to navigate Veracode or other SAST platform tools when helping a dev or customer and know when to engage other appropriate teams for resolution if further support is required.

  • How should the candidate handle security-related tasks and requests in ServiceNow?

    The process aligns with the responsibilities outlined in question 3. The candidate should review the request details, ensure accuracy, and take the necessary steps to fulfill the request appropriately.

  • What kind of experience should they have with integrating security scanning tools into CI/CD pipelines?

    While they are not expected to develop integrations themselves, the candidate should have a working knowledge of how SAST and SCA tools integrate into GitLab. They must understand these integrations well enough to assess their functionality and troubleshoot basic issues.

  • How should the candidate evaluate and approve remediation plans and compensating controls?

    The candidate should thoroughly review requests, ensuring all necessary details are included. If information is insufficient, they should engage with the requestor (e.g., developers) to obtain additional details. Once the full context is available, they must assess whether the proposed remediation or compensating control effectively mitigates the risk and take the appropriate action to approve or deny the request.

  • Will the candidate be involved in remediating issues found in scans? If so, to what extent?

    No, the candidate will not be directly coding fixes. However, they will act as a consultant, working closely with developers to help them understand identified vulnerabilities and guide them in remediating their code effectively.

    EEO Employer

    Apex Systems is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at [email protected] or 844-463-6178.

    Apex Systems is a world-class IT services company that serves thousands of clients across the globe. When you join Apex, you become part of a team that values innovation, collaboration, and continuous learning. We offer quality career resources, training, certifications, development opportunities, and a comprehensive benefits package. Our commitment to excellence is reflected in many awards, including ClearlyRated's Best of Staffing® in Talent Satisfaction in the United States and Great Place to Work® in the United Kingdom and Mexico.

    Apex Benefits Overview: Apex offers a range of supplemental benefits, including medical, dental, vision, life, disability, and other insurance plans that offer an optional layer of financial protection. We offer an ESPP (employee stock purchase program) and a 401K program which allows you to contribute typically within 30 days of starting, with a company match after 12 months of tenure. Apex also offers a HSA (Health Savings Account on the HDHP plan), a SupportLinc Employee Assistance Program (EAP) with up to 8 free counseling sessions, a corporate discount savings program and other discounts. In terms of professional development, Apex hosts an on-demand training program, provides access to certification prep and a library of technical and leadership courses/books/seminars once you have 6+ months of tenure, and certification discounts and other perks to associations that include CompTIA and IIBA. Apex has a dedicated customer service team for our Consultants that can address questions around benefits and other resources, as well as a certified Career Coach. You can access a full list of our benefits, programs, support teams and resources within our ‘Welcome Packet’ as well, which an Apex team member can provide.

  • Job Information
    Job Category:
    Engineering