DevSecOps Engineer (Fortify & Azure DevOps)

Marathon TS, United States
Remote
AI Summary

We are seeking a hands-on DevSecOps Engineer with a strong software development background to implement and configure application security scans using Fortify within an Azure DevOps CI/CD environment. The ideal candidate will bridge development and security, understand modern pipelines, and translate technical implementations into clear documentation. This is a short-term engagement focused on a specific project.

Key Highlights

  • Implement Fortify static scans within Azure DevOps pipelines
  • Integrate Fortify scanning into existing CI/CD workflows
  • Collaborate with software engineers to align scanning with development workflows

Technical Skills Required

  • Java, C#, JavaScript, Python, Fortify, Azure DevOps, YAML pipelines, static code analysis tools, vulnerability findings and remediation workflows

Benefits & Perks

  • Fully remote work
  • Contract engagement

Job Description


DevSecOps / Application Security Engineer (Fortify & Azure DevOps)

Contract | 2–3 Months | 40 Hours/Week | Fully Remote


Overview

We are seeking a hands-on Application Security / DevSecOps Engineer with a strong software development background to support a short-term engagement focused on implementing and configuring application security scans using the Fortify scanning platform within an Azure DevOps CI/CD environment.

This role is ideal for someone who can bridge development and security, understands how modern pipelines work, and can translate technical implementations into clear, reusable documentation.


Responsibilities

Application Security & Scan Implementation

  • Design, configure, and implement Fortify static (SAST) scans within Azure DevOps pipelines
  • Integrate Fortify scanning into existing CI/CD workflows (build, test, deploy stages)
  • Configure scan parameters, rulesets, thresholds, and policies aligned to best practices
  • Optimize scans for performance, accuracy, and minimal pipeline disruption
  • Troubleshoot scan failures, false positives, and pipeline integration issues
  • Support initial scan execution and validation across multiple codebases

DevSecOps & Engineering Collaboration

  • Work closely with software engineers to:
  • Align scanning with development workflows
  • Ensure scans are developer-friendly and actionable
  • Provide guidance on secure coding practices and vulnerability remediation
  • Help define "shift-left" security patterns within Azure DevOps

Documentation & Knowledge Transfer

  • Create clear, well-structured best-practice documentation, including:
      • Fortify scan setup and configuration guides
      • Azure DevOps pipeline integration instructions
      • Standard operating procedures (SOPs) for running and maintaining scans
      • Guidance for developers on interpreting scan results
  • Produce documentation suitable for:
      • Engineering teams
      • Security teams
      • Future onboarding and sustainment


Required Qualifications

Technical Skills

  • Strong background in software development (Java, C#, JavaScript, Python, or similar)
  • Hands-on experience with Fortify application security scanning (SAST required)
  • Proven experience configuring Azure DevOps pipelines
      • YAML pipelines preferred
      • Build and release pipeline familiarity
  • Understanding of CI/CD, DevSecOps, and secure SDLC practices
  • Experience working with:
      • Static code analysis tools
      • Vulnerability findings and remediation workflows

Documentation & Communication

  • Demonstrated ability to write clear, concise technical documentation
  • Comfortable explaining security concepts to developers
  • Strong written and verbal communication skills


Preferred / Nice-to-Have Qualifications

  • Experience with:
      • Fortify Software Security Center (SSC)
      • Policy enforcement and security gates
      • DAST or SCA tools
  • Familiarity with:
      • OWASP Top 10
      • NIST or secure coding standards
  • Experience in enterprise or regulated environments (government, healthcare, finance)


Engagement Details

  • Duration: 2–3 months
  • Schedule: ~40 hours per week
  • Location: Fully remote (U.S. based preferred)
  • Engagement Type: Contract / Project-based
  • Start: ASAP


Ideal Candidate Profile (Summary)

✔ Software engineer who understands CI/CD

✔ Hands-on with Fortify scanning tools

✔ Comfortable working independently on a defined project

✔ Able to implement solutions and document them clearly

✔ Pragmatic, security-minded, and developer-friendly

