Strategic Staffing Solutions

Job Title: Information Security Engineer 4 – Software Security (Security Delivery / Project Focus)

Location: , Charlotte, NC (Hybrid)

Duration: 12 months (with potential for extension)

Job Description

We are seeking an Information Security Engineer 4 to support a Software Security organization. This role partners closely with Agile development teams to deliver new and evolving security requirements through the Software Development Lifecycle (SDLC) within an Independent Developer Environment.

This position requires a delivery-focused security professional with strong project execution skills who can coordinate across engineering, security, and governance teams to ensure security controls are effectively designed, implemented, and tracked.

In This Role, You Will:

• Consult on complex initiatives with broad impact related to Information Security Engineering
• Partner with Agile delivery teams to plan, track, and deliver security requirements across the SDLC
• Drive execution of security initiatives by coordinating timelines, dependencies, and deliverables
• Translate security policies, standards, and control requirements into actionable technical work
• Review and analyze complex, multi-faceted security challenges requiring evaluation of multiple factors
• Support implementation of secure development practices within developer environments
• Collaborate with engineering, architecture, risk, and compliance partners
• Monitor progress, identify risks or blockers, and escalate as appropriate
• Ensure security deliverables align with enterprise policies, procedures, and compliance requirements
• Provide clear status updates, documentation, and reporting to stakeholders

Required Qualifications

• 5+ years of Information Security Engineering experience, or equivalent demonstrated through work, consulting, training, military experience, or education
• Experience supporting security initiatives within Agile or SDLC-based delivery models
• Strong understanding of application security, secure SDLC, or software security controls
• Proven ability to manage and deliver security requirements across multiple teams
• Experience working in large, regulated enterprise environments

Tools, Technologies & Skills (Possible / Preferred)

Security & SDLC Tools

• Static Application Security Testing (SAST) tools (e.g., Checkmarx, Fortify, Veracode)
• Dynamic Application Security Testing (DAST) tools
• Software Composition Analysis (SCA) tools (e.g., Black Duck, Snyk, Mend)
• Vulnerability management platforms
• Secure code scanning and dependency management tools

Development & DevOps

• CI/CD pipelines (e.g., Jenkins, GitHub Actions, GitLab CI, Azure DevOps)
• Source control systems (Git-based platforms)
• Developer environments and build pipelines
• Familiarity with containerized and cloud-native applications

Cloud & Infrastructure Security

• Cloud platforms (AWS, Azure, or GCP)
• Identity and access management concepts
• Secure configuration and policy enforcement
• Infrastructure-as-Code (IaC) security concepts

Governance, Risk & Compliance

• Secure SDLC frameworks
• Risk assessments and control validation
• Regulatory or compliance-driven security requirements
• Policy interpretation and control mapping

Delivery & Project Execution

• Agile, Scrum, or SAFe methodologies
• Work tracking tools (JIRA, Confluence, Azure Boards)
• Strong dependency management and delivery coordination skills
• Experience leading security deliverables across multiple teams

Data, Reporting & Communication

• Dashboarding or reporting tools (e.g., Power BI, Tableau)
• Strong documentation and executive-level communication skills
• Ability to translate technical security requirements into business-focused outcomes

Desired Qualifications

• Experience acting as a security delivery lead or security-focused project manager
• Strong ability to influence without authority in matrixed environments
• Experience supporting developer-centric security programs
• Background in enterprise software development or platform engineering is a plus

Additional Information

• This role is delivery and coordination focused, not a SOC or cyber-operations role
• Hands-on coding is not required, but strong technical security knowledge is expected