6 month contract to hire
Charlotte, NC (Hybrid)
Key Responsibilities
- Lead application discovery and inventory initiatives across business units, including:
- Ownership mapping
- Technology stack profiling
- Risk classification and tiering
- Deploy, integrate, and support enterprise AppSec tooling including:
- SAST
- SCA
- Secrets scanning
- Container scanning
- Infrastructure-as-Code (IaC) scanning
- Integrate AppSec tooling into CI/CD pipelines across multiple development teams and environments.
- Design and implement AI-assisted AppSec workflows focused on:
- Finding triage
- False positive reduction
- Vulnerability summarization
- Developer remediation guidance
- Define and operationalize secure SDLC standards, threat modeling practices, and security gates within engineering workflows.
- Partner closely with development leaders and business units to operationalize security practices without negatively impacting delivery velocity.
- Evaluate emerging AI security technologies including:
- AI code review assistants
- Agentic security testing tools
- Automated security requirement generation
- Contribute to the enterprise AI security strategy and provide recommendations on tooling adoption and operationalization.
- Produce executive-ready reporting and metrics that demonstrate AppSec maturity and measurable business risk reduction.
Required Qualifications
- 7+ years of experience within Application Security, Product Security, or Security Engineering environments.
- Minimum 3+ years supporting organizations with multiple business units, brands, or product lines.
- Hands-on experience deploying and operating modern AppSec tooling such as:
- Semgrep
- Snyk
- Checkmarx
- Veracode
- Apiiro
- Ox Security
- GitHub Advanced Security
- Strong code-level proficiency across at least three modern programming languages such as:
- Python
- JavaScript / TypeScript
- Java
- C#
- Go
- Strong scripting and automation experience using Python or similar languages.
- Experience building integrations against REST APIs and supporting CI/CD environments including:
- GitHub Actions
- GitLab CI
- Jenkins
- Azure DevOps
- Strong understanding of:
- OWASP Top 10
- Threat modeling methodologies (STRIDE, PASTA, etc.)
- Modern application attack vectors
- Software supply chain risks
- Proven ability to influence engineering organizations and drive adoption of security standards without direct authority.
- Experience integrating LLM-based tooling into AppSec or security operations workflows.
- Familiarity with compliance frameworks such as:
- HITRUST
- HIPAA
- NIST AI RMF
- SOC 2
- Experience supporting regulated or healthcare-adjacent environments.
- Strong cloud security expertise within AWS, Azure, or GCP environments.
Estimated Min Rate: $50.40
Estimated Max Rate: $72.00
What’s In It for You?
We welcome you to be a part of the largest and legendary global staffing companies to meet your career aspirations. Yoh’s network of client companies has been employing professionals like you for over 65 years in the U.S., UK and Canada. Join Yoh’s extensive talent community that will provide you with access to Yoh’s vast network of opportunities and gain access to this exclusive opportunity available to you. Benefit eligibility is in accordance with applicable laws and client requirements. Benefits include:
- Medical, Prescription, Dental & Vision Benefits (for employees working 20+ hours per week)
- Health Savings Account (HSA) (for employees working 20+ hours per week)
- Life & Disability Insurance (for employees working 20+ hours per week)
- MetLife Voluntary Benefits
- Employee Assistance Program (EAP)
- 401K Retirement Savings Plan
- Direct Deposit & weekly epayroll
- Referral Bonus Programs
- Certification and training opportunities
Note: Any pay ranges displayed are estimations. Actual pay is determined by an applicant's experience, technical expertise, and other qualifications as listed in the job description. All qualified applicants are welcome to apply.
Yoh, a Day & Zimmermann company, is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Visit https://www.yoh.com/applicants-with-disabilities to contact us if you are an individual with a disability and require accommodation in the application process.
For California applicants, qualified applicants with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. All of the material job duties described in this posting are job duties for which a criminal history may have a direct, adverse, and negative relationship potentially resulting in the withdrawal of a conditional offer of employment.
It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.
By applying and submitting your resume, you authorize Yoh to review and reformat your resume to meet Yoh’s hiring clients’ preferences. To learn more about Yoh’s privacy practices, please see our Candidate Privacy Notice: https://www.yoh.com/privacy-notice
