Get all C2C Jobs / hotlists 🔥 Alerts

C2c Job Opening for ” Security Engineer – SCA / SAST – Contract

Security Engineer –  SCA / SAST

Loc: Noida, IN and San jose, ca ( 1 position ea. respectively)

Rate: Best rate DOE 

Client : Cadence 


 

Role Overview

We are looking for a Security Engineer specializing in SAST and SCA to strengthen our Application Security (AppSec) program. This role will focus on identifying, prioritizing, and driving remediation of code-level and open-source vulnerabilities across the software development lifecycle (SDLC).

The ideal candidate has a strong understanding of secure coding practices, vulnerability management, and developer workflows, with the ability to scale security testing through automation and process integration.

Key Responsibilities

SAST (Static Application Security Testing)

·       Operate and manage SAST tools (e.g., Checkmarx, Fortify, Veracode, CodeǪL)

·       Analyze scan results to:

o   Identify true positives vs false positives

o   Prioritize based on exploitability and business impact

·       Partner with development teams to:

o   Remediate vulnerabilities

o   Improve secure coding practices

·       Tune rules and policies to reduce noise and increase scan accuracy SCA (Software Composition Analysis)

·       Manage and optimize SCA tools (e.g., Sonatype, Snyk, Black Duck, WhiteSource/Mend, Dependabot)

·       Identify and track:

o   Vulnerabilities in third-party and open-source components

o   License and compliance risks

·       Drive:

 

o   Dependency upgrades and patching strategies

o   Risk-based prioritization for remediation

·       Maintain visibility into software bill of materials (SBOM)

 



 

SDLC Integration G Automation

·       Integrate SAST/SCA into:

o   CI/CD pipelines (GitHub, GitLab, Azure DevOps, Jenkins)

o   Developer workflows (PR checks, pre-commit hooks)

·       Automate:

o   Scan execution and reporting

o   Ticket creation and tracking (Jira or similar)

·       Ensure shift-left security adoption across engineering teams

 

 

Vulnerability Management G Reporting

·       Track vulnerability lifecycle:

o   Identification  Triage  Remediation  Closure

·       Provide:

o   Metrics and dashboards (e.g., SLA compliance, risk trends)

o   Executive-ready summaries for leadership

·       Support:

o   Audit and compliance requirements (ISO, SOC2, etc.)

 



 

Developer Enablement

·       Act as a trusted advisor to engineering teams

·       Provide:

o   Remediation guidance and secure coding recommendations

 

o   Documentation, FAǪs, and best practices

·       Conduct:

o   Developer training and awareness sessions

 

 

·       3–6+ years in Application Security, DevSecOps, or Secure Development

·       Hands-on experience with:

o   SAST and/or SCA tools in enterprise environments

·       Experience working closely with development teams and CI/CD pipelines

 



 

Technical Skills

·       Strong knowledge of:

o   OWASP Top 10

o   Secure coding practices (Java, Python, C/C++, JavaScript, etc.)

·       Experience with SAST tools such as:

o   Checkmarx, Fortify, Veracode, CodeǪL

·       Experience with SCA tools such as:

o   Snyk, Black Duck, Mend, Dependabot

Lucky Vegi 
Senior Technical Recruiter
732-289-2689 | lucky@mediit.io 
Kendall Park, New Jersey – 08824

About Author

I’m Monica Kerry, a passionate SEO and Digital Marketing Specialist with over 9 years of experience helping businesses grow their online presence. From SEO strategy, keyword research, content optimization, and link building to social media marketing and PPC campaigns, I specialize in driving organic traffic, boosting rankings, and increasing conversions. My mission is to empower brands with result-oriented digital marketing solutions that deliver measurable success.

Leave a Reply

Your email address will not be published. Required fields are marked *

×

Post your C2C job instantly

Quick & easy posting in 10 seconds

Keep it concise - you can add details later
Please use your company/professional email address
Simple math question to prevent spam