DevSecOps & Maturity Measurement Implementation: 

• Assess, report, and assist with improving application security and DevSecOps Maturity, utilizing a measurement framework such as DSOMM or BSIMM, across the organization. 
• Define and implement security policies, standards, and best practices for DevOps, CI/CD pipelines, and cloud security. 
• Work with development and DevOps teams to integrate automated security testing (SAST, DAST, SCA, IaC security scanning, etc.) into pipelines. 
• Establish security gates in CI/CD workflows to prevent deployment of vulnerable code. 

Application Security & Code Vulnerabilities:

• Perform code reviews, static/dynamic security testing (SAST/DAST), and secure coding guidance to developers. 
• Identify and remediate vulnerabilities in application code, libraries, containers, and infrastructure as code (IaC). 
• Develop and enforce secure coding standards in alignment with OWASP, NIST, and other frameworks. 
• Conduct threat modeling and security architecture reviews for applications and services. For example, assist application teams with developing accurate data flow diagrams and developing appropriate identity management solutions. 
• Manage and mature Bot Management services for all applications. Assist with WAF management and maturity. 
• Improve secrets management and API security. 

Vulnerability Management & Risk Reduction: 

• Manage and mature enterprise-wide Bug Bounty program (e.g. BugCrowd, HackerOne) 
• Manage vulnerability scanning tools (e.g., Tenable, Qualys, Sonar, Snyk) and prioritize remediation efforts. 
• Track, assess, and coordinate the remediation of vulnerabilities across the application, infrastructure, and cloud environments. 
• Develop risk-based vulnerability management workflows and collaborate with engineering teams to drive fixes. 
• Monitor security dashboards and metrics, ensuring vulnerabilities are patched in alignment with SLAs. 

Security CI/CD Automation & Tooling: 

• Implement security automation using APIs, scripts, and cloud-native security controls. 
• Work with DevOps engineers to integrate security tooling (like SemGrep, Snyk, Cycode) or within Jenkins, GitHub, GitLab CI/CD, or AWS DevOps. 
• Automate security findings triage, reporting, and prioritization processes. 

Security Awareness & Collaboration: 

• Train and mentor developers on secure coding, threat modeling, DevSecOps, and vulnerability management best practices. 
• Collaborate with security operations, incident response, and compliance teams on security initiatives. 
• Participate in security assessments, penetration testing, and security incident investigations.

• Bachelor’s Degree in Information Security, Cybersecurity, Computer Science, or a related field OR a minimum of 6 years’ equivalent experience in lieu of a degree
• 4+ years of experience in application security, DevSecOps, and security engineering OR a combination of 2+ years experience as a developer and 2+ years in application security, DevSecOps, and security engineering
• Hands-on experience with DevSecOps tools (SAST, DAST, SCA, container security, IaC security), integrating security solutions within CI/CD pipelines, strong knowledge of secure coding principles (OWASP Top 10, SANS CWE Top 25), and familiarity with AI ML or LLM usage within security tooling. 
• Experience with vulnerability management, web app penetration testing tooling, and security certifications like CISSP, OSCP, GCPN, GCSA, AWS Security Specialty, or CSSLP are preferred. 
• Proficiency in Bot Management tooling, client-side monitoring tooling, and implementing maturity measurement frameworks such as DSOMM or BSIMM in an enterprise setting. 
• Ability to understand and communicate best-practice system architectures, data flows, and security controls within modern web applications and cloud (SaaS/PaaS, IaaS). 
• Excellent verbal and written communication skills, with the ability to communicate complex security concepts to technical and non-technical stakeholders. 

About HDJ & Associates, Inc.

HDJ + Associates is consistently named one of the top recruiting firms in the Pittsburgh area. We are a professional employment and search solutions company focused on recruiting the best possible talent available in today’s demanding market place. Our clients often tell us that finding the right candidates to join their company is one of the most difficult tasks on their already overburdened task list. Likewise, our candidates often tell us that finding the right position in today’s crowded market place is frustrating and overwhelming. Let HDJ + Associates take the pressure out of the recruiting process for both candidates and employers. We will hit the employment bullseye each time streamlining the recruiting process to success.

Connections working at HDJ & Associates, Inc.