Application Security Engineer (DevSecOps) - Remote

About the Role

We are seeking an experienced Application Security Engineer (DevSecOps) remote to join our dynamic team at Sectech Solutions. This role is 100% remote and operates within the USA Eastern Time Zone. As an Application Security Engineer, you will be responsible for operationalizing application security scanning and findings management within Odyssey’s Azure DevOps CI/CD environment. Your expertise will help us integrate and tune Snyk SAST and SCA scanning, ensuring that security results are credible, visible, and actionable for our development teams.

What You'll Do

• Integrate, configure, and tune Snyk SAST and SCA scans within Azure DevOps CI/CD pipelines for multiple applications on a mixed-language stack.
• Apply DevSecOps patterns, such as branch policies and build gates, to reduce noise and improve findings credibility.
• Collaborate closely with the Azure domain administrator to align Snyk integration with Azure DevOps standards and governance.
• Triage and manage the existing backlog of Snyk SAST/SCA findings, ensuring issues are routed into normal engineering workstreams.
• Develop and maintain a Findings Triage & Management Process, including MTTR definitions by severity and false-positive handling procedures.
• Act as a DevSecOps partner to development teams, integrating remediation work into Azure Boards or equivalent work tracking systems.
• Co-develop and co-deliver developer enablement on the Snyk scanning workflow and remediation expectations.
• Define baseline security metrics and provide inputs to shared dashboards, ensuring reporting supports security governance and risk visibility.

Requirements

• Hands-on DevSecOps experience, including practical implementation of security controls within CI/CD pipelines.
• Strong experience with SAST and SCA tooling (preferably Snyk), including deployment, configuration, and findings triage.
• Direct experience integrating and tuning security scanning in Azure DevOps CI/CD, including pipeline templates and service connections.
• Ability to triage findings across a mixed-language codebase, not limited to a single technology stack.
• Strong communication skills to explain findings and remediation clearly to non-security development teams.

Nice to Have

• Experience in financial services, insurance, or other regulated industries.
• Familiarity with secure SDLC practices and collaboration with SDLC process/governance teams.
• Prior involvement in DevSecOps transformations or CI/CD security automation initiatives.

What We Offer

• Competitive salary in the range of $120,000 - $140,000 per year.
• Fully remote work environment with flexible hours.
• Opportunities for professional development and training.
• Collaborative and innovative team culture.
• Access to the latest tools and technologies in the field.