AppSec Lead / Static Code Analysis & WebApp Pen Testing / Hybrid

Are you an experienced Application Security professional with strong hands-on SAST and web application penetration testing experience? A leading local security consulting firm is looking for an Application Security Lead to join their lean, highly technical Vulnerability Management team. This is a permanent need within the company - hired as a W2 contract-to-hire reporting to any of the following locations: Wilmington, DE; Des Moines, IA; or Irving, TX.

This person will focus heavily on static application security testing (SAST) and managing web application penetration testing processes. You'll help drive the technical side of vulnerability management initiatives, work closely with developers on secure coding practices, and lead technical conversations with both internal teams and leadership. The role is split between hands-on AppSec work and high-level mentorship/technical leadership. If you're looking to stay technical while stepping into a leadership capacity within a close-knit team, this is a fantastic opportunity with a company known for its hands-on expertise and collaborative environment.

Required Skills & Experience

• 5 years in Security, focused on AppSec, Web Applications, or DevSecOps;
• Strong hands-on experience with static code analysis tools (Fortify, Veracode, etc.);
• Experience conducting or supporting web application penetration tests;
• Ability to analyze static scan results, identify false positives, and guide developers on secure remediation;
• Proven track record translating technical findings into actionable insights for senior leadership.

Desired Skills & Experience

• Familiarity working in lean, highly collaborative security teams
• Strong scheduling, prioritization, and negotiation skills around AppSec assessments.

What You Will Be Doing
Tech Breakdown

• 50% Static Code Analysis (SAST) and Web Application Penetration Testing
• 50% Scheduling, vulnerability management, technical leadership, and cross-team collaboration

Daily Responsibilities

• 40% Hands-on
• 60% Technical leadership and Collaboration

Applicants must be currently authorized to work in the US on a full-time basis now and in the future.

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.