Application Security Engineer Fortify
Job in Huntsville, Madison County, Alabama, 35824, USA
Listed on 2026-01-24
Listing for: Marathon TS
Full Time position
Job specializations: IT/Tech (Cybersecurity, IT Consultant, Cloud Computing, Systems Engineer)
Overview
Contract | 2–3 Months | 40 Hours/Week | Fully Remote
We are seeking a hands-on Application Security / DevSecOps Engineer with a strong software development background to support a short-term engagement focused on implementing and configuring application security scans using the Fortify scanning platform within an Azure DevOps CI/CD environment.
This role is ideal for someone who can bridge development and security, understands how modern pipelines work, and can translate technical implementations into clear, reusable documentation.
- Application Security & Scan Implementation
- Design, configure, and implement Fortify static (SAST) scans within Azure DevOps pipelines
- Integrate Fortify scanning into existing CI/CD workflows (build, test, deploy stages)
- Configure scan parameters, rulesets, thresholds, and policies aligned to best practices
- Optimize scans for performance, accuracy, and minimal pipeline disruption
- Troubleshoot scan failures, false positives, and pipeline integration issues
- Support initial scan execution and validation across multiple codebases
- Work closely with software engineers to:
- Align scanning with development workflows
- Ensure scans are developer-friendly and actionable
- Provide guidance on secure coding practices and vulnerability remediation
- Help define "shift-left" security patterns within Azure DevOps
- Create clear, well-structured best-practice documentation, including:
  - Fortify scan setup and configuration guides
  - Standard operating procedures (SOPs) for running and maintaining scans
  - Guidance for developers on interpreting scan results
- Engineering teams
- Security teams
- Future onboarding and sustainment
- Hands-on experience with Fortify application security scanning (SAST required)
- Build and release pipeline familiarity
- Understanding of CI/CD, DevSecOps, and secure SDLC practices
- Experience working with:
  - Static code analysis tools
  - Vulnerability findings and remediation workflows
- Demonstrated ability to write clear, concise technical documentation
- Comfortable explaining security concepts to developers
- Strong written and verbal communication skills
- Experience with:
  - Fortify Software Security Center (SSC)
  - Policy enforcement and security gates
  - DAST or SCA tools
- Familiarity with:
  - OWASP Top 10
  - NIST or secure coding standards
- Experience in enterprise or regulated environments (government, healthcare, finance)
- Duration: 2–3 months
- Schedule: ~40 hours per week
- Location: Fully remote (U.S. based preferred)
- Engagement Type: Contract / Project-based
- Start: ASAP
- ✔ Software engineer who understands CI/CD
- ✔ Hands-on with Fortify scanning tools
- ✔ Comfortable working independently on a defined project
- ✔ Able to implement solutions and document them clearly
- ✔ Pragmatic, security-minded, and developer-friendly