Job Title: Security Engineer
Job Location: Dallas - Texas
Job Type: Contract
Job Description:
Identify, triage, and remediate vulnerabilities such as injection flaws, insecure deserialization, and configuration issues.
Integrate and manage SAST and DAST tools within CI/CD pipelines.
Collaborate with development teams to ensure secure coding practices and assist in vulnerability remediation.
Design and implement security guardrails for AI-powered applications, addressing risks like prompt injection, model inversion, and data poisoning.
Develop and maintain security policies, procedures, and documentation.
Conduct security assessments, perform risk analysis, and provide actionable recommendations.
Build and maintain CI/CD pipelines using tools such as CloudBees, Jenkins, Buddy, and UrbanCode.
Automate security processes using Python, Java, or PowerShell.
Work with APIs, endpoints, and databases to develop integrated security solutions.
Implement and manage GitHub Advanced Security (code scanning, secret scanning, Dependabot).
Use IDEs such as Visual Studio, VS Code, and Eclipse for secure development and debugging.
Work with Azure Resource Manager (ARM) and scripting tools (PowerShell, Azure CLI, Shell scripts, JavaScript, Python).
Collaborate in an Agile environment using Azure DevOps.
Perform third-party risk management using tools like OWASP Dependency-Check.
Mentor junior engineers and foster a culture of security awareness across teams.
Required Qualifications:
Minimum 8 years of experience in application security or software engineering with a security focus.
Strong programming skills in Python, Java, JavaScript, or C#.
At least 3 years of experience developing automation solutions using Python, Java, or PowerShell.
Preferred Qualifications:
Hands-on experience with SAST and DAST tools (e.g., Veracode, GitHub Advanced Security).
Deep understanding of security vulnerabilities across multiple languages.
Strong grasp of OWASP Top 10 and SANS Top 25 vulnerabilities.
Experience with AI security and GenAI risk mitigation (prompt injection, data leakage).
Familiarity with cloud-native security (AWS, Azure, GCP).
Knowledge of container security and infrastructure-as-code (IaC) scanning.
Certifications such as CompTIA Security+, CISSP, OSCP, or GIAC preferred.
Excellent communication skills for engaging both technical and non-technical stakeholders.
Ability to thrive in a global, collaborative environment.
Security Engineer • Dallas, TX, United States