Application Security Engineer Fortify jobs in United States

Marathon TS · 16 hours ago

Application Security Engineer Fortify

Marathon TS is seeking a hands-on Application Security / DevSecOps Engineer with a strong software development background for a short-term engagement. The role focuses on implementing and configuring application security scans using the Fortify scanning platform within an Azure DevOps CI/CD environment.

Information Services, Professional Networking, Professional Services, Technical Support
Growth Opportunities
Hiring Manager
Timothy Nealon

Responsibilities

Design, configure, and implement Fortify static (SAST) scans within Azure DevOps pipelines
Integrate Fortify scanning into existing CI/CD workflows (build, test, deploy stages)
Configure scan parameters, rulesets, thresholds, and policies aligned to best practices
Optimize scans for performance, accuracy, and minimal pipeline disruption
Troubleshoot scan failures, false positives, and pipeline integration issues
Support initial scan execution and validation across multiple codebases
Work closely with software engineers to:
Align scanning with development workflows
Ensure scans are developer-friendly and actionable
Provide guidance on secure coding practices and vulnerability remediation
Help define 'shift-left' security patterns within Azure DevOps
Create clear, well-structured best-practice documentation, including:
Fortify scan setup and configuration guides
Azure DevOps pipeline integration instructions
Standard operating procedures (SOPs) for running and maintaining scans
Guidance for developers on interpreting scan results
Produce documentation suitable for:
Engineering teams
Security teams
Future onboarding and sustainment

Qualification

Fortify application security scanning, Azure DevOps pipelines, Software development, CI/CD, Secure SDLC practices, YAML pipelines, Static code analysis tools, Vulnerability remediation workflows, Technical documentation, Communication skills

Required

Strong background in software development (Java, C#, JavaScript, Python, or similar)
Hands-on experience with Fortify application security scanning (SAST required)
Proven experience configuring Azure DevOps pipelines
YAML pipelines preferred
Build and release pipeline familiarity
Understanding of CI/CD, DevSecOps, and secure SDLC practices
Experience working with static code analysis tools
Experience working with vulnerability findings and remediation workflows
Demonstrated ability to write clear, concise technical documentation
Comfortable explaining security concepts to developers
Strong written and verbal communication skills

Preferred

Experience with Fortify Software Security Center (SSC)
Experience with policy enforcement and security gates
Experience with DAST or SCA tools
Familiarity with OWASP Top 10
Familiarity with NIST or secure coding standards
Experience in enterprise or regulated environments (government, healthcare, finance)

Company

Marathon TS

Marathon TS provides a full range of consulting and manpower services for clients that need support from skilled and experienced individuals.

Funding

Current Stage
Growth Stage

Leadership Team

Kevin Davis
Chief Growth Officer
Company data provided by crunchbase