Application Security​/DevSecOps Engineer

Position Overview

Our client is looking to build out their Dev Sec Ops  team and are going to be focusing on a 3‑5 year roadmap. They need an engineer that can come onsite in a hybrid capacity, max 2 days onsite in downtown Chicago, IL per week. The role is a long‑term contract and they are actively reviewing candidates. The client is going to be migrating from Azure ADO to Git Hub for CI/CD, so experience with a similar migration would be ideal.

The client is revamping their Dev Ops practice and building a future state 3‑5 year roadmap. Within this roadmap they will be migrating from Azure ADO to Git Hub for CI/CD. During this maturity program they are hiring a Dev Sec Ops  Engineer to ensure a security first mindset. This resource will be working under the Security Team assisting to build the framework and self service model for Dev Ops Engineers.

• Champion Secure‑by‑Design and Defense‑in‑Depth principles throughout the software development lifecycle
• Apply OWASP (e.g., Top 10, ASVS) and MITRE ATT&CK/CWE frameworks to evaluate and communicate threats and control gaps
• Code Review
• SAST and SCA Auditing
• CNAPP Auditing
• Integration of Scanning Tools into CI/CD Pipeline
• Act as SME in various cross‑functional team calls
• Prioritization of backlog and sprint selection for security items

The Application Security Engineer plays a crucial role in overseeing the security of development operations (Dev Sec Ops ) for the organization. Reporting directly to the Deputy CISO and with key relationships to the Development Operations and IT Operations teams, this role provides engineering, analytical and operational expertise across a range of AWS and Azure services and other cloud‑based security solutions.

• Security oversight of the continuous delivery, continuous integration (CI/CD) pipeline
• Combination of static and dynamic application security testing (SAST/DAST) to identify code bugs and application issues
• Software composition analysis (SCA) to track all open‑source components in the developer's code base
• Threat modelling to identify architectural design faults and potentially exposed targets of attack
• Evaluate and advise on service deployment into a microservices architecture (Kubernetes), and operational functions relative to security best practices and compliance requirements
• Maintain security issue tracking and reporting using Azure Dev Ops (ADO) currently prior to moving to Git Hub
• Develop and maintain documentation of target state designs and security roadmaps

Application security, Penetration test

Prefer experience in:

• Reading / reviewing .NET / C#, JavaScript / Type Script
• Azure or AWS Cloud
• Azure Dev Ops or similar SCM / bug tracking
• SAST / SCA technologies
• CNAPP or other cloud posture tools (CSPM)
• Manual security testing (pen testing) of web applications (burp suite)

Which SAST/SCA tools are currently in use? Checkmarx (largely going through and auditing, not as much configuration) and while the Checkmarx tool is preferred, it's not an absolute mandatep>

What CNAPP or CSPM tools are in place (e.g., Wiz, Prisma Cloud, Orca)? Prisma

What AAS services are most heavily used in the platform? EKS, any Kubernetes experience is certainly a bonus

Expert Level

This is a Contract position based out of Chicago, IL.

The pay range for this position is $10.00 - $10.00/hr.

Eligibility requirements apply to some benefits and may depend on your job classification and length of employment. Benefits are subject to change and may be subject to specific elections, plan, or program terms. If eligible, the benefits available for this temporary role may include the following:

• Medical, dental & vision
• Critical Illness, Accident, and Hospital
• 401(k) Retirement Plan – Pre‑tax and Roth post‑tax contributions available
• Life Insurance (Voluntary Life & AD&D for the employee and dependents)
• Short and long‑term disability
• Health Spending Account (HSA)
• Transportation benefits
• Employee Assistance Program
• Time Off/Leave (PTO, Vacation or Sick Leave)

This is a hybrid position in Chicago, IL.

This position is anticipated to close on Feb 16, 2026.

The company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.